Malicious web sites have become increasingly sophisticated and difficult to detect and block over the past four years, and many anti-virus engines suffer significantly from false positives and negatives, according to new research from Google.
The web firm has been blocking threats in the cloud via its Safe Browsing feature for over five years, and has analysed four years of that data to build the Trends in Circumventing Web-Malware Detection report (PDF).
The analysis covers around 160 million web pages hosted on approximately eight million sites, and Google flashes around three million malware warnings to over four hundred million computer users every day.
Social engineering attacks, where the malware is typically disguised as an anti-virus product or browser plug-in, have increased significantly, the report found, although they still comprise only two per cent of all sites distributing malware.
Much more common are IP cloaking and drive-by downloads, in which the attacker often switches exploits to avoid detection.
The report concludes that none of the tools used by Google to spot malware - virtual machine client honeypots, browser emulator client honeypots, classification based on domain reputation, and anti-virus engines - is effective in isolation.
"In operational settings, anti-virus engines also suffer significantly from false positives and false negatives. Finally, we see a rise in IP cloaking to thwart content-based detection schemes."
Google's ability to spot and clamp down on malware attacks was called into question earlier this week when Imperva released research claiming that hackers could be generating more than 80,000 search queries a day using botnets to identify the most vulnerable targets on the web.
Imperva urged Google and other search engines to improve their network traffic inspection and anti-automation tools.