October 30–31, 2016: Training
October 31–November 2, 2016: Tutorials & Conference
New York, NY

Are we out of the woods? The current state of web malware

Kelly Harrington (Google)
11:20am–12:00pm Wednesday, 11/02/2016
Security in context (security datasci)
Location: Trianon Ballroom Level: Intermediate
Average rating: *****
(5.00, 6 ratings)

What you'll learn

  • Understand current threats on the Web, what Google is doing about them, and how other defenders can leverage the SB APIs to protect their own end users from malware, phishing, and deception on the Web


Good news: vulnerable browser plugins like Java and Flash are on their way out, and new browsers install security updates automatically. But are we out of the woods yet? Despite advances in security, there are still many at-risk users that are targeted by exploits. Add to the mix deceptive sites that lead to unwanted software with access to client systems beyond the wildest dreams of attackers, and the continued danger on the Web leaves the security industry breathless, end users with compromised systems, and bad blood all around. Kelly Harrington discusses how attackers are still trying to find success in 2016 and what Google Safe Browsing is doing to keep users safe and sound online.

Kelly reviews modern and treacherous drive-by download attacks that silently take over a user’s browser or even their local network infrastructure and explores social engineering-style attacks that trick users into revealing sensitive information or installing malware. Kelly concludes with a discussion of the thriving pay-per-install web vertical that leads users into installing unwanted software and extensions, when they just should have said no.

But shake it off, infosec defenders—in addition to outlining these threats, Kelly focuses on Google Safe Browsing’s efforts to make the Web safe and enable defenders like you to protect users, outlining technical advances and policy changes currently under way. Be fearless. . .Safe Browsing will work on this problem forever and always.

Photo of Kelly Harrington

Kelly Harrington


Kelly Hope Harrington is a senior software engineer on the safe browsing team at Google, where she focuses on detection of web-based threats and outreach to webmasters. In her 20% time, she coleads Google’s presence at the San Francisco Pride Parade. Kelly holds a BS in computer science from Carnegie Mellon University, where she took a special interest in computer security and linguistics.