Change Agent: Google Introduces Filter That Blocks Evolving Botnets

fightforfraudGoogle is upping its defenses against ad fraud to take on three malware families.

The offenders include Bedep, plus two previously unknown entities internally code-named Beetal and Changthangi, which are named for goat species. Read the blog post.

Google has developed a filter – now available for advertisers using DoubleClick Bid Manager (DBM) and Google Display Network (GDN) – to block traffic from these families.

Ads with malware infect computers, turning them into web-surfing, ad-viewing bots; a collection of infected computers is called a botnet. The three malware families Google is guarding against are responsible for 500,000 infected machines.

“That factor in and of itself went a long way into our prioritization of that malware,” said Andres Ferrate, Google’s chief advocate for ad traffic quality.

Ferrate works within Google’s 100-plus ad quality team. (One imagines a bard singing epic poems about ad fraud whilst strumming on a lute.) As per Google’s Bad Ads report in January, the company also has more than 1,000 people globally fighting against bad ads.

Google’s new filter is designed to guard against Bedep, Beetal and Changthangi, despite their shifting patterns.

“Malware families evolve over time,” Ferrate said. “As they’re trying to mimic human behavior, their patterns might change.”

He didn’t want to say too much about how exactly the filter works for fear of divulging information to bad actors.

“We use a combination of multistage analysis to really understand this malware inside and out,” Ferrate said.

The filter takes this analysis to Google’s computational infrastructure and applies it toward blocking the three malware families. Ferrate declined to say which browsers or operating systems are most affected by the three malware families. Google, of course, owns its own browser, Chrome.

“There are a variety of reasons I can’t divulge,” he said. “I can’t talk about other platforms or products.”

Exploit kits – which are the vehicles that install malware – primarily affect Windows users, said Jérôme Segura, a senior security researcher at Malwarebytes Labs, in a previous interview with AdExchanger.

“Not just those using the Internet Explorer browser – there are some for Firefox as well,” Segura said at the time. “But the vast majority of computers susceptible to being exploited are Windows computers with IE.”

Macs and mobile devices aren’t necessarily safe either, though often malware for those systems require social engineering to get the user to initiate a download, rather than starting it automatically.

“Malvertisers use what’s available from each platform,” Segura said. “And that evolves with new vulnerabilities that are found.”

Google’s Ferrate noted that the company is proactively studying and analyzing malware on an ongoing basis.

“Given that we’ve been in the ad fraud-fighting business for over 15 years,” he said, “this change-resistant filter was about innovating and automating."


Add a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>