Every large Internet company has an online security team in place, and Google is no different. Now the search engine giant is going public. Yesterday, Google launched its new online security blog. The blog will post news on its little-known antimalware team, which, it turns out, has been in existence for about a year.
In its initial post, Google clarifies its now-famous one-in-10-Web-sites-are-malicious statement, derived from a presentation Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang, and Nagendra Modadugu gave at last month’s Hotbots 2007. Provos says the figure that is quoted in the media should be 0.1 percent (less than 1 percent) since the analysis used in the paper, “The Ghost in the Browser” (in PDF), covers several billion Web sites. From that number, presenters selected a subgroup of 12 million, of which 1 million were found to be engaging in drive-by downloads of malicious code. There’s also a colorful map in today’s post showing which countries are responsible for hosting compromised Web sites and distribution servers (the U.S. and China both appear bright red, with Canada and Russia coming in a close second on each map).