Bing contributes to SIR6

Here at Microsoft, the fun is not just working on interesting projects but sharing interesting results across groups to help our users. And when this information exchange is in the area of security, you just feel elated that you have done the right thing. Thanks to our friends at Microsoft Malware Protection Center (MMPC), we were able to publish some interesting data analysis for the security community through Microsoft’s Security Intelligence Report (SIR).

Bing and Search Security

We at Bing believe that search security is one of our top priorities. Our search offering to warn users of Drive-By-Download URLs in their search results has received excellent customer feedback. We detect over 1M Drive-By-Download URLs on an average every month.

What have we noticed in Bing?

We have been closely monitoring and analyzing the data after we shipped the feature to detect Drive-By-Download URLs in Bing index. We have summarized what we think is the most interesting data on Drive-By-Downloads and their effect on Bing. Some key takeaways from our data analysis:

  1. Analysis of local and global TLDs of Drive-By-Download URLs: The risk of Drive-By-Downloads is not spread equally among internet users worldwide. Users in some part of the world are more at risk than in other parts. The top local and global TLDs hosting Drive-By-Download pages are given below.
  2. Analysis of Network Operators: If we analyze a level deeper than TLDs, we can figure that more than half of Drive-By-Download pages are hosted by just 10 network operators – 6 in China, 3 in US and one in Russia.
  3. Analysis of exploit servers: The top 12.8% of exploit servers (servers that host the malicious code that infect the Drive-By-Download URLs) accounted for 84.1% of Drive-By-Download pages. From our analysis, majority of Drive-By-Download URLs are often hacked to pull in exploit code from exploit servers that end up attacking end users

Top local TLDs affected

% of sites hosting

Drive-BY-Download pages

Top global TLDs affected

% of sites hosting

Drive-BY-Download pages

.fk

2.27%

.name

0.23%

.rw

1.92%

.edu

0.19%

.gf

1.38%

.net

0.19%

.cn

1.03%

.info

0.11%

.cd

0.96%

.org

0.11%

.kg

0.68%

.com

0.09%

.mk

0.64%

.travel

0.04%

.kw

0.62%

.gov

0.01%

.ge

0.56%

 

 

.kr

0.27%

 

 

.in

0.25%

 

 

.ru

0.22%

 

 

.us

0.12%

 

 

You can download the entire SIR report from http://www.microsoft.com/downloads/details.aspx?FamilyID=aa6e0660-dc24-4930-affd-e33572ccb91f&displaylang=en

How can you help Bing?

Please report sites that you think may be malicious using Bing feedback.

We’re committed to protecting our users from the attacks of today and the attacks of the future.  Please stay tuned for more blogs on our security projects.

~Sasi Parthasarathy, Bing Index Quality Group

Share on twitter Share on facebook Share on linkedin Share on linkedin