Real-World Challenges of Web-Based Malware

Abstract – Web malware is a problem users on the Internet encounter with increasing frequency. Besides often negatively affecting a user’s experience on the Internet, malware can also lead to financial loss and other harm. Over the last few years, Google has built a detection infrastructure that automatically identifies malicious web sites and warns users when visiting them. Inevitably, this has led to an arms race in which adversaries have changed their approach to increase the difficulty of detecting their activities. This talk explores different areas in which the deployed malware detection system had to adapt to adversaries changing their strategies. Examples range from referer cloaking, search engine optimization, and advertising to moving from exploiting vulnerabilities to social engineering tactics. The examples illustrate how insights can often only be gathered once a system has been deployed at large scale.

Biography – Niels Provos is a Principal Engineer in the Infrastructure Security group at Google. His areas of interest include computer and network security, as well as large-scale distributed systems. He received a Ph.D. from the University of Michigan in 2003 where he studied experimental and theoretical aspects of computer and network security at the Center of Information Technology Integration. He is the author of several popular open source libraries and security tools as well as the book “virtual Honeypots: From Botnet Tracking to Intrustion Detection” . Dr. Provos currently serves on the USENIX board of directors.