Google: How web attackers evade malware detection
It's becoming more difficult to identify malicious websites, said Google (NASDAQ: GOOG) in a new report it published on Wednesday.
According to statistics from Google, the company displays 3 million warnings about unsafe websites to 400 million users a day through browsers that implement its Safe Browsing API. This is made possible by a Google-developed system that examines websites for malicious content.
Various strategies are employed here, including browser emulation or virtual machine honeypots that simulate a visit to a website, ranking a website based on the reputation of its hosting infrastructure, and the use of antivirus software.
The report is the culmination of analyzing four years of data on evasive techniques used by malware distributors to mask malware-laden websites from Google's Safe Browsing initiative and similar efforts. These techniques include code obfuscation and social techniques that request a mouse click before unleashing the malicious payload.
In addition, a well-known weakness of AV vendors allows malware sites to stay one step ahead. The report noted that this is related to how cybercriminals "can use AV products as oracles before deploying malicious code into the wild."
Google noted that the results of its research indicate how "exploit delivery mechanisms are becoming increasingly complex and evasive," though it concedes that the adoption of a multi-pronged approach can help improve detection rates. The report's executive summary is available on the Google Online Security Blog, and the full report is titled "Trends in Circumventing Web-Malware Detection" (.pdf).