Currently 56 percent of malware threats against Gmail users come from Microsoft Office documents, and 2 percent come from PDFs. In the months that it's been active, the new scanner has increased its daily malicious Office document detection by 10 percent."Ten percent matters," Bursztein told WIRED. "We're trying to close the gap as much as possible. We want to keep adding machine learning everywhere we can, where it makes sense. Machine learning does amazing things sometimes, but sometimes it’s overhyped. We try to use it as an extra layer rather than the only layer. We think that works way better."
The document analyzer looks for common red flags, probes files if they have components that may have been purposefully obfuscated, and does other checks like examining macros—the tool in Microsoft Word documents that chains commands together in a series and is often used in attacks. The volume of malicious documents that attackers send out varies widely day to day. Bursztein says that since its deployment, the document scanner has been particularly good at flagging suspicious documents sent in bursts by malicious botnets or through other mass distribution methods. He was also surprised to discover how effective the scanner is at analyzing Microsoft Excel documents , a complicated file format that can be difficult to assess.
The latest on artificial intelligence , from machine learning to computer vision and moreThough a 10 percent detection increase may not sound like a lot, it's a massive improvement at the scale Google is working on, and any gains are productive given that the threat of malicious documents is a real concern around the world. Bursztein says that companies and nonprofits are three times more likely to be targeted by malicious documents than other organizations, and that government entities are five times more likely. Some industries are more likely than others to be targeted, as well. Transportation and critical infrastructure utilities, for example, have a much higher risk than the education sector.
The prevalence of malicious document attacks varies around the world, but for attackers the approach is always an option. Bursztein points out that kits for crafting malicious documents and tailoring them to evade antivirus scanners are readily available in online criminal forums, ranging in price from about $400 to $5,000.
While the scanner is catching more malicious documents than ever, Bursztein and his colleagues will continue to refine it in the hopes of blocking an even bigger chunk of the malware sent to Gmail accounts worldwide.
"Malware is something we did after spam and phishing, because malware is a bit harder," he says. "We don't have the malware itself in an email; the documents are all we have at that point. But we always want to improve our detection capabilities and with malicious documents we chose the one where we could make the most impact for our users."When a full-blown hack is just a rogue Word document download away, users will take whatever extra protections they can get.
- Algae caviar, anyone? What we'll eat on the journey to Mars
- Deliver us, Lord, from the startup life
- A code-obsessed novelist builds a writing bot. The plot thickens
- The WIRED Guide to the internet of things
- How to
- 👁 The secret history of facial recognition . Plus, the latest news on AI
- 🏃🏽♀️ Want the best tools to get healthy? Check out our Gear team’s picks for the best fitness trackers , running gear (including shoes and socks ), and best headphones