Bing Malware Warnings Get More Specific

Microsoft’s Bing search engine has moved to make its malware warnings more specific, in the latest gesture by a search service provider to protect users from ever-more-dangerous online threats.

Dangerous websites come in many forms, and Bing said that by giving users a better idea of what threats might be present on a particular website they can better protect themselves.

More information

The search engine said it will also be giving webmasters more information on possible threats, to help them fix problems faster.

Previously, Bing used a generic warning for all sites that might be dangerous, but said it will now use specific alerts when users visit a phishing site or one that links to malicious code.

The phishing warning looks similar to the generic message, but alerts users that the site might be designed to steal information, Bing said. Phishing sites are fake sites designed to resemble legitimate ones.

“These sites catch people by taking advantage of a user’s trust in entering information such as passwords, usernames, and credit cards,” said Bing programme manager Chad Foster in a blog post. “This improvement enables webmasters to clean their site quicker by having stronger insights into why their site was flagged.”

Site operators will be notified of the problem if they use Bing’s Webmaster tool, and can ask the search engine to re-evaluate their site after making changes, the company said.

Malicious links

Bing said it will also distinguish between websites that can infect users simply by being viewed and those that contain links to malware but are safe to visit as long as those links aren’t clicked.

The warning looks similar to the generic message, but Bing will now give site operators more information on which links are causing the warning through the Webmaster tool.

“Clicking (View), under Additional Details, displays the path to the malicious binaries,” Foster wrote. “Removing the harmful links leads to the warning being removed.”

He acknowledged that in many cases site operators might not be responsible for their site being flagged for malware, and said the new messages are intended to help webmasters fix problems more easily when they arise, while keeping users better informed.

Phishing on the rise

A Google study in April found that nearly 800,000 websites around the world were newly compromised over a one-year period, equivalent to 16,500 per week, resulting in malware being planted on those sites.

Google warns users when they visit such sites but it found that when it contacted affected web administrators directly via email, the communication led to an improvement in the proportion of sites that were re-secured.

A Verizon report in April found that phishing attacks over the past year were more successful than ever, with 30 percent of phishing messages being opened, up from 23 percent the previous year.

Thirteen percent of those incidents resulted in malware of some kind being installed, Verizon said.

Last month the Anti-Phishing Working Group (APWG) said it had found a sharp rise in the number of web addresses used for phishing attacks.

While most of the 123,000 addresses used by phishers in March 2016 were hosted on hacked websites, many seemed to have been generated quickly in order to evade phishing-detection systems, the APWG found.

The figure was more than double the 48,000 addresses used in October of last year, according to the APWG.

Are you a security pro? Try our quiz!