GENEVA — A more comprehensive and serious level of cooperation among industry leaders is needed to help stop the scourge of malicious Web ads and the botnets that result from infected PCs, a top Google executive said Wednesday.
Eric Davis, the head of anti-malvertising at Google, speaking to a packed room at the Virus Bulletin 2009 conference here, said that even with the huge level of influence Google has on the Web, the company can’t go it alone in trying to prevent malicious ads from finding their way onto search result pages and other Web sites. Instead, he suggested that an industry-wide coalition comprising ISPs and other concerned parties could have a major effect on the epidemic of malicious ads.
“I would love to see a clearinghouse that would certify ad servers, for example,” Davis said. “A third party that would help people identify authorized advertisers. But that would require industry-wide participation.”
Davis cited as an example the Australian Internet Security Initiative, a government-sponsored program in which a third-party clearinghouse helps identify PCs that are infected with malware. The clearinghouse, known as the Australian Communications and Media Authority, then notifies the appropriate ISP, which notifies the customer of the infection and helps the customer remedy the problem. About 90% of Australian ISP customers are covered by this initiative right now, despite the fact that it’s a voluntary effort, Davis said.
“I think it’s fantastic and I don’t think it’s something most people thought was possible,” Davis said. “They’re setting a standard here and there’s strong data that this is good for security.”
Malicious Web ads, which have been showing up on legitimate Web sites and in Google search results for some time now, have become a serious problem, not only for Google and other search providers, but also for sites that rely on ad syndication networks and third parties for the ads they display. Scammers routinely use these ads to direct users to malicious sites, phishing sites and other undesirable destinations, often as part of phishing and identity theft schemes.
The domains that these scammers use are often hosted by so-called bulletproof hosting providers who turn a blind eye to what happens on their servers. But attackers sometimes use legitimate hosting services as well, and though ISPs make efforts to remove these domains when they’re discovered, the scammers simply move to another provider as quickly as possible. Davis said this effort also could do with some help.
“Industry-wide focus is the best opportunity we have to deal with this,” Davis said. He suggested the creation of a third-party organization that would track malicious domains and help legitimate hosting providers avoid re-registering these domains.