Google Chrome Feature Targets Malicious Windows File Downloads

Its plan is to offer a new warning mechanism to Chrome users based on the Google Safe Browsing API, which is already being used by several browsers to warn users about potentially malicious sites. With the new feature, Chrome will leverage Safe Browsing’s list of dangerous sites to alert users when they may be downloading suspicious executables.

“Safe Browsing has done a lot of good for the web, yet the Internet remains rife with deceptive and harmful content,” blogged Moheeb Abu Rajab of Google’s security team. “It’s easy to find sites hosting free downloads that promise one thing but actually behave quite differently. These downloads may even perform actions without the user’s consent, such as displaying spam ads, performing click fraud, or stealing other users’ passwords. Such sites usually don’t attempt to exploit vulnerabilities on the user’s computer system. Instead, they use social engineering to entice users to download and run the malicious content.”

The new feature, he explained, will show a warning for any download URL that matches the latest list of malicious sites published by the Safe Browsing API. For now, the feature is focused on flagging malicious executables for Windows, and is being rolled out to a small subset of Chrome users that subscribe to the Chrome development release channel. The feature is expected to be made available to all Chrome users in the next stable release.

The new feature follows a move by Microsoft to take on malicious downloads in Internet Explorer 9 (IE 9) by adding new integration between its Download Manager and SmartScreen filter. IE’s SmartScreen filter was introduced in IE 8, and checks Websites against a list of known phishing and malicious sites in order to warn users. The integration with Download Manager, Microsoft has said, is meant to use reputation to remove unnecessary warnings for well-known files while showing more severe warnings for downloads with a higher risk of being malicious.

“This could be a very valuable technique for protecting users of Google Chrome against threats like fake anti-virus,” blogged Chester Wisniewski, a senior security advisor for Sophos. “Often there are many, many sites, some of which are not blacklisted in Safe Browsing, but they all point to the same location for the actual malware download.”

“By adding support for these known malware destinations they will reduce the number of infections for users using Chrome,” he added.