svacko | 1 year ago

Surprised to see so much malware served from GitHub domains https://urlhaus.abuse.ch/browse.php?search=github

tomashertus | 1 year ago

In my day-to-day work, we analyze millions of files every day, and it's a well-known and well-utilized detection evasion technique to host and serve malware from "trusted" websites. It's so widespread that I did extensive research on that issue. There are well-known apps with $Ms in funding and revenue with a plethora of malware hosted on their servers. Some are even used as C2 servers for data exfiltration. I see an increasing number of companies proactively blocking all traffic to those notorious sites to increase overall network security.

The outcome of my research was the following:

- Disjointed content moderation and cybersecurity departments: Not many companies have content moderation teams equipped to perform malware analysis or make cybersecurity-related decisions (the only company that does an exceptional job in this regard is Meta).

- If hosting malware doesn't impact the company's revenue and reputation, the content moderation team has other priorities.

- Section 230: Companies will refer to Section 230 when asked about hosting malicious content or scanning the content for potential malware.
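An added example (not from the thread or from abuse.ch) showing what the top post's URLhaus search and the "block all traffic to notorious sites" approach look like when turned into a small triage script. It parses a feed in the column layout of a URLhaus CSV export (id, dateadded, url, url_status, last_online, threat, tags, urlhaus_link, reporter; the rows below are constructed, not real records), counts entries per host, and splits active entries into two lists: hosts that can go on a network blocklist as a whole, and entries on shared platforms such as GitHub that can only be blocked by exact URL, since blocking the host wholesale would cut off legitimate traffic. The suffix list `SHARED_HOST_SUFFIXES` is an assumption for the example.

```python
import csv
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in the column layout of a URLhaus CSV export.
# These rows are made up for illustration; they are not real URLhaus records.
SAMPLE_FEED = """\
# id,dateadded,url,url_status,last_online,threat,tags,urlhaus_link,reporter
"1","2024-07-01 10:00:00","https://raw.githubusercontent.com/example-user/example-repo/main/loader.exe","online","2024-07-01 10:00:00","malware_download","exe","https://urlhaus.abuse.ch/url/1/","reporter_a"
"2","2024-07-01 11:00:00","https://github.com/example-user/example-repo/releases/download/v1/payload.zip","offline","2024-07-01 12:00:00","malware_download","zip","https://urlhaus.abuse.ch/url/2/","reporter_b"
"3","2024-07-01 12:00:00","http://198.51.100.7/bin.sh","online","2024-07-01 12:00:00","malware_download","elf","https://urlhaus.abuse.ch/url/3/","reporter_a"
"4","2024-07-01 13:00:00","https://objects.githubusercontent.com/github-production-release-asset/abc","online","2024-07-01 13:00:00","malware_download","exe","https://urlhaus.abuse.ch/url/4/","reporter_c"
"""

FIELDS = ["id", "dateadded", "url", "url_status", "last_online",
          "threat", "tags", "urlhaus_link", "reporter"]

# Assumed list of shared platforms whose hosts must not be blocked wholesale.
SHARED_HOST_SUFFIXES = ("github.com", "githubusercontent.com")


def parse_feed(text):
    """Parse the CSV export into dicts, skipping '#' comment lines."""
    lines = [ln for ln in text.splitlines() if ln and not ln.startswith("#")]
    return [dict(zip(FIELDS, row)) for row in csv.reader(lines)]


def host_of(url):
    """Lower-cased hostname of a URL ('' if it cannot be parsed)."""
    return (urlsplit(url).hostname or "").lower()


def is_shared_host(host, suffixes=SHARED_HOST_SUFFIXES):
    """True if the host is a shared platform domain or a subdomain of one."""
    return any(host == s or host.endswith("." + s) for s in suffixes)


def count_by_host(rows):
    """How many feed entries sit on each host, regardless of status."""
    return Counter(host_of(r["url"]) for r in rows)


def build_blocklists(rows, status="online"):
    """Split active entries into hosts blockable wholesale and exact URLs
    on shared platforms that must be blocked individually."""
    host_block, url_block = set(), set()
    for r in rows:
        if r["url_status"] != status:
            continue
        host = host_of(r["url"])
        if is_shared_host(host):
            url_block.add(r["url"])      # never block github.com itself
        else:
            host_block.add(host)         # dedicated malware host: block it
    return host_block, url_block


if __name__ == "__main__":
    rows = parse_feed(SAMPLE_FEED)
    for host, n in count_by_host(rows).most_common():
        print(f"{n:4d}  {host}{'  (shared platform)' if is_shared_host(host) else ''}")
    hosts, urls = build_blocklists(rows)
    print("block by host:", sorted(hosts))
    print("block by exact URL:", sorted(urls))
```

Offline entries are kept in the per-host statistics but left out of the blocklists, so the count answers "how much of this feed lives on GitHub" while the blocklist only carries what is currently serving. A hit on a shared host says something about one URL, not about the platform, which is why the two outputs are kept apart.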

Sephr | 1 year ago

I see a few false positives. It appears that unsigned software is being labeled as malware, and as grayware on some pages.

Unsigned software is not malware or 'grayware'. It's not inherently malicious.

I'm also seeing coin miners being labeled as malware. They often are, but I'm sure there are misclassifications along those lines as well in this dataset.