Google’s new filter is designed to guard against Bedep, Beetal and Changthangi, despite their shifting patterns.
“Malware families evolve over time,” Ferrate said. “As they’re trying to mimic human behavior, their patterns might change.”
He didn’t want to say too much about how exactly the filter works for fear of divulging information to bad actors.
“We use a combination of multistage analysis to really understand this malware inside and out,” Ferrate said.
The filter takes this analysis to Google’s computational infrastructure and applies it toward blocking the three malware families. Ferrate declined to say which browsers or operating systems are most affected by the three malware families. Google, of course, owns its own browser, Chrome.
“There are a variety of reasons I can’t divulge,” he said. “I can’t talk about other platforms or products.”
Exploit kits – which are the vehicles that install malware – primarily affect Windows users, said Jérôme Segura, a senior security researcher at Malwarebytes Labs, in a previous interview with AdExchanger.
“Not just those using the Internet Explorer browser – there are some for Firefox as well,” Segura said at the time. “But the vast majority of computers susceptible to being exploited are Windows computers with IE.”
Macs and mobile devices aren’t necessarily safe either, though malware for those systems often requires social engineering to get the user to initiate a download, rather than starting it automatically.
“Malvertisers use what’s available from each platform,” Segura said. “And that evolves with new vulnerabilities that are found.”
Google’s Ferrate noted that the company is proactively studying and analyzing malware on an ongoing basis.
“Given that we’ve been in the ad fraud-fighting business for over 15 years,” he said, “this change-resistant filter was about innovating and automating.”