Website-embedded Trojan attacks can compromise browser security. In many cases the attack works by loading a malicious website into an otherwise normal web page via <script>, <iframe>, or similar tags. Besides website-embedded Trojans, there are various phishing and scam sites that can be dangerous to users. To safeguard users from such websites, browser vendors have introduced features that block access to malicious URLs, but most of these security measures depend on a blacklist.
Blocking malicious websites is simple in principle. Usually, the browser periodically obtains an updated blacklist of malicious URLs from the server; if the user tries to access a URL on this blacklist, the browser returns a warning page.
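One way to implement the lookup described above, in JavaScript. This is an added example, not code from the original text or from any browser; the "host/path-prefix" entry format, the names BLACKLIST, candidates and checkUrl, and the sample entries are assumptions made for illustration.

```javascript
// Added example: local URL blacklist lookup (assumed design, not a real browser's code).
// Constructed sample entries in "host/path-prefix" form; a browser would
// refresh this set periodically from the vendor's server.
const BLACKLIST = new Set([
  'evil.example/',             // entire host, including subdomains
  'shop.example/promo/login',  // one path on an otherwise clean host
]);

// Canonicalize the URL, then list every host-suffix + path-prefix pair,
// so trivial rewrites of a listed URL still hit the same entry.
function candidates(rawUrl) {
  const u = new URL(rawUrl); // lowercases host, resolves "../", throws on garbage
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return [];
  const host = u.hostname.replace(/\.$/, ''); // drop trailing root dot
  const labels = host.split('.');
  const isIp = /^[\d.]+$/.test(host) || host.startsWith('[');
  const hosts = [];
  if (isIp || labels.length < 2) {
    hosts.push(host); // never take suffixes of an IP address or a bare hostname
  } else {
    // Suffixes on label boundaries only: "notevil.example" never yields "evil.example".
    for (let i = 0; i <= labels.length - 2; i++) hosts.push(labels.slice(i).join('.'));
  }
  const paths = ['/'];
  let prefix = '';
  for (const seg of u.pathname.split('/').filter(Boolean)) {
    prefix += '/' + seg;
    paths.push(prefix);
  }
  return hosts.flatMap((h) => paths.map((p) => h + p));
}

// Returns the matching blacklist entry (show the warning page) or null (allow).
function checkUrl(rawUrl) {
  let exprs;
  try {
    exprs = candidates(rawUrl);
  } catch {
    return null; // not a parsable URL, nothing to look up
  }
  return exprs.find((e) => BLACKLIST.has(e)) ?? null;
}
```

Comparing the raw address-bar string against the list instead of the canonical form would let a listed URL through with nothing more than a case change, an explicit default port, or a "../" segment.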
To identify these two kinds of sites, we need to build many models based on page characteristics, but these models are clearly not suitable for the client side, because putting them there would enable attackers to analyze, research, and bypass the rules. In addition, because browsers have a huge user base, collecting users' visiting history is an infringement of privacy, and the volume of data is too large.
For these two reasons, browser vendors now mainly push a blacklist of malicious URLs, which the browser blocks. It is rare to retrieve data from the browser or to build models on the user's side. Nowadays browser vendors work more with professional security vendors and use blacklists from these vendors or organizations.
Major browser vendors with strong R&D, such as Google and Microsoft, have lots of user data; they have their own security teams that identify malicious websites to produce a blacklist. Blacklists are one of the core competencies of search engines as well.
PhishTank is an organization that provides a free blacklist of malicious URLs, which receives contributions and updates from volunteers around the world.
Similarly, Google has published its internal SafeBrowsing API, and any organization or individual can obtain the malicious URL blacklist.
Apart from blocking websites on the blacklist, major browsers are beginning to support EV SSL certificates (Extended Validation SSL certificates) to make safe websites easier to identify. The EV SSL certificate is an enhanced certificate created jointly by the world's digital certificate issuing institutions and browser vendors; its main feature is that the browser gives EV SSL certificates special treatment. EV SSL also follows the X.509 certificate standard and remains compatible with ordinary certificates. If the browser does not support EV mode, the EV certificate is treated as an ordinary certificate; if the browser supports EV mode (which requires a newer version of the browser), this is indicated in the address bar. Therefore, if a website uses an EV SSL certificate, the address bar turns green, indicating that it is a legitimate site. This helps users identify and block phishing sites.
Although many users are not aware of this browser feature, EV SSL certificates are widely used by websites. In the future, the popularity of EV SSL certificate authentication is expected to increase.