The Top 10 Malware Sites – How to Avoid Them Using a Google API

Michael Manoochehri, June 24th, 2009

Google Safe BrowsingHave you noticed an increase in the number of reports about malware and compromised web servers? Recently, a computer exploit known as Gumblar has been making news for its ability to launch exploits via drive-by download. Gumblar silently installs itself on a computer if a user simply visits a compromised web site, where it proceeds to steal FTP logins and replace legitimate Google search results with redirects to sites of the attacker’s choosing. Despite the threat of Gumblar and malware exploits like it, users of recent releases of the Firefox or Chrome browser have an extra layer of protection provided by their use of Google’s Safe Browsing API.

The Safe Browsing API is an experimental interface that provides developers with the ability to check URLs against Google’s constantly updated list of phishing and malware sites. The API can not only be used to warn users about suspicious sites while surfing the web, but it can also be used in behind-the-scenes functions, such as blocking malicious users from using online comment systems to post links to malware sites.

Recently, Google’s Online Security Blog decided to contribute to the discussion of the growth of malware and phishing attacks by publishing a graph of the Top 10 Malware Sites culled from the blacklists that the Safe Browsing API references. Google Security Team member Niels Provos writes:

Our automated systems found more than 4,000 different sites that appeared to be set up for distributing malware by massively compromising popular web sites. Of these domains more than 1,400 were hosted in the .cn TLD. Several contained plays on the name of Google such as, etc.

Google's Top 10 Malware Sites June 2009

The Safe Browsing API doesn’t provide perfect protection from malware, as sites will only trigger warnings if they have been added to Google’s blacklist. Furthermore, it’s occasionally possible for a legitimate site to be erroneously marked as a malware site.

Developers should be aware that the Safe Browsing API has a few restrictions that should be taken into consideration when attempting to add the interface to a client-side application. For example, Google does not permit applications to show warning messages to users unless a blacklist update has been successfully retrieved within the past 30 minutes. Developers must also follow Google’s strict guidelines for appropriate language used in warning messages. Furthermore, the API does not provide standardization functions, so URLs submitted for malware check against Google’s blacklist must be valid valid according to the canonicalization guidelines of RFC 2396. Finally, developers who use the Safe Browsing API must sign up for an API key (see the API documentation for more details).

As the technological arms race between creators of online attacks and developers who provide user security systems continues, applications that take advantage of security APIs like Google’s Safe Browsing might gain end user market share. For more information on available security-related APIs, check out our Security API listings.

Both comments and pings are currently closed.

4 Responses to “The Top 10 Malware Sites – How to Avoid Them Using a Google API”

July 1st, 2009
at 12:44 pm
Comment by: Ridan

Who are creators of Gumblar? I can provide a hitman!

November 13th, 2009
at 7:43 am
Comment by: » Google Safe Browsing API con PHP, filtra las urls potencialmente peligrosas « Cerebro en la Sombra

[...] devolverá un booleano que indica si la url es segura o no. Si probamos con alguna de éstas obtendremos un bonito false . Espero que os [...]

December 4th, 2012
at 6:30 am
Comment by: webmin apache virtual server tutorial

I was suggested this web site by my cousin.
I am not sure whether this post is written
by him as no one else know such detailed about my difficulty.

You are wonderful! Thanks!

December 5th, 2012
at 11:40 pm
Comment by: Reyes

Yesterday, while I was at work, my sister stole my iPad and tested to see if it can survive a 30
foot drop, just so she can be a youtube sensation.
My iPad is now broken and she has 83 views. I know this is totally off topic but
I had to share it with someone!

Follow the PW team on Twitter

APIs, mashups and code. Because the world's your programmable oyster.

John Musser
Founder, ProgrammableWeb

Adam DuVander
Executive Editor, ProgrammableWeb. Author, Map Scripting 101. Lover, APIs.