About the Event

Web malware is a problem users on the Internet encounter with increasing frequency. Besides often negatively affecting a user's experience on the Internet, malware can also lead to financial loss and other harm. Over the last few years, Google has built a detection infrastructure that automatically identifies malicious web sites and warns users when visiting them. Inevitably, this has led to an arms race in which adversaries have changed their approach to increase the difficulty of detecting their activities. This talk explores different areas in which the deployed malware detection system had to adapt to adversaries changing their strategies. Examples range from referer cloaking, search engine optimization, and advertising to moving from exploiting vulnerabilities to social engineering tactics. The examples illustrate how insights can often only be gathered once a system has been deployed at large scale.