- Jul 22, 2014
- 2,525
Search engines failing at detecting and flagging malware
Twitter, Google, and other search engines such as Bing, Yandex, and Faroo are increasingly flooded with malware, according to trends tracked by the AV-TEST laboratory.
The team of researchers says they've tested 80 million links found in search engine results in 2015, and another 81 million in 2016. The results of this scan revealed the presence of malicious content in 18,280 sites in 2015, and in 29,632 sites in 2016.
Historical tests from 2013, when AV-TEST examined 40 million sites, clocked malware URLs at only 5,060 sites, showing a continuous growth for the past years.
Google Safe Browsing falls short when flagging malicious links
For the 2015 and 2016 tests, AV-TEST also says it double-checked the results of its internal scanning system against Google's Safe Browing API, which they say failed to identify all threats.
In 2015, for the 18,280 sites AV-TEST discovered, Google flagged only 9,725 results, while in 2016 Google Safe Browsing had a better batting average of 19,794 warnings out of 29,632 malicious links.
EXE files are the most common method of delivering malware
But there are different types of malicious content found on these links, such as tech support scams, phishing pages, or sites pushing malware-laced downloads.
When it comes to the latter category, which includes sites pushing actual, downloadable malware, AV-TEST says that 60 percent of these threats tried to start a direct file download just as the user landed on the site, while the rest tried to execute code snippets, or use Flash or Java exploits, reminiscent of exploit kits.
The top five of the most commonly pushed file types includes EXE files, ZIP and RAR archives, SWF Flash objects, and MSI installers, in this order.
Twitter also affected
Besides search engines, AV-TEST says it also analyzed tweets shared on Twitter. Experts stated that they scanned over 315 million tweets in 2015 and another 200 million in 2016.
Despite the smaller number of links analyzed in 2016, AV-TEST says it found 1,500 links leading to malware threats, while it only found 1,100 malicious links in 2015.
"It is important to point out that search engine operators are not virus hunters," said Maik Morgenstern, CTO of AV-TEST GmbH. "It is an additional job that they do not perform entirely on a voluntary basis."
Analysis overview
Twitter, Google, and other search engines such as Bing, Yandex, and Faroo are increasingly flooded with malware, according to trends tracked by the AV-TEST laboratory.
The team of researchers says they've tested 80 million links found in search engine results in 2015, and another 81 million in 2016. The results of this scan revealed the presence of malicious content in 18,280 sites in 2015, and in 29,632 sites in 2016.
Historical tests from 2013, when AV-TEST examined 40 million sites, clocked malware URLs at only 5,060 sites, showing a continuous growth for the past years.
Google Safe Browsing falls short when flagging malicious links
For the 2015 and 2016 tests, AV-TEST also says it double-checked the results of its internal scanning system against Google's Safe Browing API, which they say failed to identify all threats.
In 2015, for the 18,280 sites AV-TEST discovered, Google flagged only 9,725 results, while in 2016 Google Safe Browsing had a better batting average of 19,794 warnings out of 29,632 malicious links.
EXE files are the most common method of delivering malware
But there are different types of malicious content found on these links, such as tech support scams, phishing pages, or sites pushing malware-laced downloads.
When it comes to the latter category, which includes sites pushing actual, downloadable malware, AV-TEST says that 60 percent of these threats tried to start a direct file download just as the user landed on the site, while the rest tried to execute code snippets, or use Flash or Java exploits, reminiscent of exploit kits.
The top five of the most commonly pushed file types includes EXE files, ZIP and RAR archives, SWF Flash objects, and MSI installers, in this order.
Twitter also affected
Besides search engines, AV-TEST says it also analyzed tweets shared on Twitter. Experts stated that they scanned over 315 million tweets in 2015 and another 200 million in 2016.
Despite the smaller number of links analyzed in 2016, AV-TEST says it found 1,500 links leading to malware threats, while it only found 1,100 malicious links in 2015.
"It is important to point out that search engine operators are not virus hunters," said Maik Morgenstern, CTO of AV-TEST GmbH. "It is an additional job that they do not perform entirely on a voluntary basis."
Analysis overview