Google adds malware, phishing to transparency report to make the Web ‘safer’

Google is revealing some new numbers around malware and phishing attempts in an effort to get more people thinking about online security and to make the Web safer.

The data is being incorporated into the company’s biannual transparency reports, which are meant to provide clarity on the numbers for user data requests Google receives from government agencies and courts, as well as figures on removal requests received from copyright owners and governments and traffic reports for Google services worldwide.

The malware and phishing data stems from Google’s Safe Browsing technology, which was established in 2006 to examine billions of URLs each day to find unsafe websites. These unsafe sites, Google said, generally fall into two categories: malware sites, which use code to install malicious software on users’ computers; and phishing sites, which fake their legitimacy while trying to trick people into giving their user names and passwords or other private information online.

As of June 16, for instance, the company’s Safe Browsing program had detected nearly 42,000 malware sites per week, according to data Google released Tuesday. For phishing sites, the rate clocked in at roughly 26,000.

Concerns over online security have been heightened in recent months following a spate of cyberattacks carried out against major companies such as The New York Times and the Jeep car company on sites like Twitter.

Google’s thinking is that by providing details about these sorts of threats, “we hope to shine some light on the state of web security and encourage safer web security practices,” the company said in its report.

Google Safe Browsing is currently used by some 1 billion people, the company said. The service shows warnings when users navigate to unsafe websites while using the Google Chrome, Mozilla Firefox and Apple Safari browsers.

With the new figures, people can see how many Safe Browsing warnings are delivered to users each week (more than 88 million as of June 16); where malicious sites are hosted around the world (Europe is a bit of a hotbed); how quickly websites become reinfected after malware is removed (the rate “rises dramatically,” due to periodic rescanning of infected sites, Google said); and other tidbits like webmaster response time.

“We’re always looking for new ways to protect users’ security,” said Google software engineer Lucas Ballard in a blog post announcing the data.

Users can report websites suspected of hosting or distributing malware here, or a suspected phishing site here, Google notes.

The report also includes a section on “notable events,” which details some specific security incidents that are responsible for the larger trends contained in the report. Earlier this month, for instance, a campaign targeting vulnerabilities in Java and Acrobat Reader infected more than 7,500 sites, resulting in more than 75 million Safe Browsing users to receive malware warnings.

As part of its larger transparency report, Google last released numbers on data removal requests in April, when they spiked to over 2,000.

Zach Miners covers social networking, search and general technology news for IDG News Service. Follow Zach on Twitter at @zachminers. Zach’s e-mail address is zach_miners@idg.com