Tricking web site visitors into revealing sensitive account credentials or installing a malicious piece of software is nothing new. I remember a time when custom Internet Explorer toolbars were commonplace, along with the many problems they brought. Remember the never-ending random popup windows or the browser windows that were nearly impossible to close? In addition, these plugins monitored user searches and recorded sensitive data like usernames and passwords for any sites the user visited.
Nowadays, browsers are smarter and more secure, but tricks such as getting users to install a malicious extension still exist. If the user wants to install an extension and clicks the necessary buttons, there is only so much the browser can do. Malicious browser extensions, phishing sites, malvertising, and deceptive ads are all trying to trick users into giving away their personal information or scamming them into installing malicious software on their machines.
Luckily, we have been working hard to research and upgrade our services to be able to detect these types of threats. We are proud to announce that now we have two additional categories that can detect malware and deceptive websites. These categories have been added to our categorization API and the self-hosted edition of the category database.
Here is an example of a website that would be labeled as a ‘deceptive’ site. This site attempts to trick the user into believing there is a major problem with their operating system and to call for support. Not only is the operating system error a fake but the support being offered is also a scam. If the user calls, their “support” agents will likely sell them a product to fix their “broken” system. And more than likely, that program contains malware!
Here is another example of a site that would be categorized as ‘deceptive’. By abusing functionality of the web browser, sites like the one shown below will slow down or completely block the user’s browser by starting thousands of downloads and monopolizing the computer’s CPU. By having an unresponsive browser, or even locking up the whole system, the threat messages about a malfunctioning computer give the user the “proof” they need to call the tech support number displayed.
Here are the two new categories added to the categorization API and some more details about each.
The malicious category contains websites that are infected with or distribute any kind of malware, spyware, or viruses. It also contains sites acting as a C&C for bots, worms, trojans, and other malware.
The current release includes:
- Real-time detection of malware and C&C websites, which are then added to our database
- The ability to analyze a website’s overall behavior using advanced heuristics
Web Shrinker Standard category: malicious
IAB category: IAB26-3 – Spyware / Malware / Malicious
The deceptive category contains websites that attempt to trick the user into believing they are on a different site in order to gather information or for other purposes. It also includes sites with deceptive advertising practices such as performing click redirections without the user’s consent.
The current release includes:
- Basic phishing detection
- Deceptive advertising that redirects users
- Fake tech support websites
Quick note: Brand-specific phishing detection is planned for a future release.
Web Shrinker Standard category: deceptive
IAB category: IAB26-WS2 – Deceptive / Phishing
These two categories are part of the categorization API and self-hosted category editions and are available for use today.