Google discovers over 9,500 new malicious sites per day

On its security blog today, Google shared some of the numbers behind its anti-malware and anti-phising efforts. In the post, the company touts its Safe Browsing API which is used by the likes of Safari, Firefox and Chrome and offers some interesting details regarding the types of attacks unscrupulous individuals use against unsuspecting web surfers.

Over the years, says Google, the company has learned a great deal from having to protect its own servers, users, webmasters and Internet service providers. This expertise has aided Google during the past five years in its fight against Internet evildoers, a self-ascribed duty which has been (and continues to be) a mostly proactive effort.

Google says it finds an average of 9,500 new malicious sites every day. The company also delivers several million warnings on a daily basis through its Safe Browsing API, an anti-malware and anti-phishing service which Chrome, Safari and Firefox use to warn their 600 million collective users of harmful websites. In that same amount of time, Google also hands out about 12-14 million warnings to users trawling through its search engine. 

Through Google's partnership with StopBadware.org, the company also alerts thousands of webmasters every day regarding infected websites – hackers frequently gain access to websites in order to insert malicious code into otherwise trustworthy websites and blogs.

Not surprisingly, the big G reports that malware and phishing attacks have grown in both numbers and sophistication. Malicious websites often have a short life – less than an hour – and periodically pop up under new, randomly generated domain names in order to avoid detection.

Even though the problem has grown and become a more international problem, web-based malware and phishing authors have also become better at targeting users with increasingly specific practices like spear phishing. 

Interestingly, the origins of most phishing scams can be traced back to hosts in the U.S. and Brazil. Iran, Spain, Australia and Peru are amongst least active countries when it comes to playing host or falling victim to phishing attempts.