Google: IP spoofing on the rise


Google has been running its Safe Browsing service for about four years, with the goal of providing an open service that Web browsing applications can check to see whether a particular site is suspected of hosting malware or phishing scams. Now, Google has published an analysis (PDF) of more than 160 million Web pages on more than 8 million sites to look for trends in how malware is distributed—and finds that while social engineering tricks play a small role and plug-in and browser exploits are still common, malware distributors are increasingly turning to IP spoofing in hopes of avoiding detection.

Overall, Google finds that malware distributors rely on exploiting a vulnerability in a browser or a plug-in to install malware on users’ systems in what are known as drive-by attacks: typically, all users need to do is load a Web page with the malicious code, and their systems are compromised. Google’s Safe Browsing initiative has automated tools that scan sites looking for these attempted exploits, and it adds the sites to its database of questionable and dangerous sites if any are found.

However, malware authors are increasingly turning to IP spoofing to avoid detection. In this case, the technique doesn’t involve using router trickery in order to make traffic from one source look like it comes from another; instead, the malware distributors try to detect connections from Google’s Safe Browsing survey (and services like it) and serve perfectly safe, innocuous Web pages to those services… saving their nasty payload for visitors they believe to be real users.

“The concept behind cloaking is simple: serve benign content to detection systems, but serve malicious content to normal Web page visitors,” wrote Lucas Ballard and Niels Provos in the Google Online Security blog. “Over the years, we have seen more malicious sites engaging in IP cloaking.”

Google emphasizes it is constantly adjusting its scanners with “state-of-the-art malware detection” to compensate for IP cloaking techniques, but notes malware distributors and security services will always be in an arms race…with security folks most often trying to play catch-up.
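One way a defender can check a URL for the cloaking described above is to fetch it once from a scanner vantage point and once as an ordinary visitor, then compare the active content in the two responses. This is an added example, not code from Google or the original article; the two HTML snapshots are constructed, and the names `ActiveContent`, `active_content` and `cloaking_report` are hypothetical.

```python
import hashlib
from html.parser import HTMLParser

# Constructed snapshots of one URL, as fetched from two vantage points.
SCANNER_SNAPSHOT = """<html><body><h1>Recipes</h1>
<script src="/static/site.js"></script></body></html>"""
VISITOR_SNAPSHOT = """<html><body><h1>Recipes</h1>
<script src="/static/site.js"></script>
<iframe src="http://frames.example.test/a" width="0" height="0"></iframe>
<script>/* constructed placeholder for injected code */</script>
</body></html>"""

class ActiveContent(HTMLParser):
    """Collect elements that execute code or pull in remote content."""
    TAGS = ("script", "iframe", "object", "embed")

    def __init__(self):
        super().__init__()
        self.items, self._inline = set(), None

    def handle_starttag(self, tag, attrs):
        if tag not in self.TAGS:
            return
        attrs = dict(attrs)
        src = attrs.get("src") or attrs.get("data")
        if src:
            self.items.add((tag, src))
        elif tag == "script":
            self._inline = []          # start buffering an inline script body

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body = "".join(self._inline).strip().encode()
            self.items.add(("inline-script", hashlib.sha256(body).hexdigest()[:16]))
            self._inline = None

def active_content(html):
    parser = ActiveContent()
    parser.feed(html)
    parser.close()
    return parser.items

def cloaking_report(scanner_html, visitor_html):
    """Flag active content that only the ordinary-visitor fetch received."""
    seen_by_scanner = active_content(scanner_html)
    seen_by_visitor = active_content(visitor_html)
    visitor_only = sorted(seen_by_visitor - seen_by_scanner)
    return {"visitor_only": visitor_only, "suspicious": bool(visitor_only)}
```

Legitimate pages also vary between fetches (rotating ads, per-request tokens), so a difference is a lead for further analysis rather than a verdict.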

Google also notes that, with only a couple of exceptions, browser and plug-in vulnerabilities used by malware distributors are used for a comparatively short period of time: as soon as a new vulnerability is discovered—or an old one is patched—malware authors quickly move on to another exploit.

Google also notes that while getting people to install malware using social engineering—tricking people into downloading dangerous software, usually by promising a plug-in or antivirus package—is still common and on the rise, it’s employed by only about two percent of sites that distribute malware.

