Malicious vs Objectionable: Distinguishing Malicious Site Content From Objectionable Site Content
Both malicious site content and objectionable site content may be harmful, potentially dangerous and threaten the safety of online users. Some online content really pushes the boundaries of what is globally perceived as socially acceptable behavior, leading to some confusion around where the lines are drawn. There are, however, very clear distinctions between what constitutes malicious vs objectionable content — the easiest differentiator being that malicious site content is always malicious, regardless of any cultural biases or perception. Malicious is black or white, whereas objectionable is hundreds of shades of gray.
The ability to distinguish between malicious site content and objectionable site content is core to zvelo’s mission of making the internet safer and more secure by enabling our partners to deliver best-in-class safety and security applications. zvelo’s URL categorization engine classifies sites for content, malware, phishing, adult and other web content, spanning about 500 categories. The data is integrated through our partner networks, covering more than 600 million end users, for various security applications including web and DNS filtering, parental controls, cyber threat intelligence and research, brand safety, contextual targeting and more.
How zvelo Categorizes URLs
When an end user visits a website, webpage, article, image, etc. the respective zvelo-powered deployment is queried for that URL/location. When the location exists within the zveloDB, a category value is returned for use within the partner’s integration and the end user continues on with their web experience. If the location does not exist within the database (i.e. is not categorized), the URL/location is submitted to the zvelo network where appropriate processes are executed and webpage elements and content are analyzed/categorized.
Categories are prioritized according to a hierarchy with Malicious being the most critical, followed by Objectionable, and then everything else covered in our broad, topic-based taxonomy. To understand why Malicious takes a higher priority than Objectionable, this post explains the differences between Malicious vs Objectionable content.
Definition of Malicious Site Content
Malicious website detection is a critical capability for service providers, businesses and network security vendors because these are the threats which can compromise networks, leading to data breaches, ransomware attacks, malware infections, etc. URLs and IPs associated with threats and exploits are identified in real time at the domain, subdomain, or full-path level, enabling the filtering or blocking of traffic to and/or from sites, pages or IPs classified as malicious, phishing, fraud, botnet or some other exploit from the different categories listed below.
- Ad Fraud
Sites that are being used to commit fraudulent online display advertising transactions using ad impression boosting techniques including, but not limited to, ad stacking, iframe stuffing, and hidden ads. Sites that have high non-human web traffic and rapid, large, and unexplained changes in traffic.
- Botnets
Botnets are made up of a large number of compromised machines running software that has been installed by hackers to send spam, phishing attacks, and denial of service attacks. In many cases, these computers (called bots or zombies) have been infected unbeknownst to their owners.
- Command and Control (C2) Centers
Internet servers used to send commands to infected computers (could be botnets for Distributed Denial of Service (DDoS), Intellectual Property (IP) data exfiltration, ransomware, etc…). Examples of C2 channels used today include TCP, HTTP, HTTPS, DNS, DoH, ICMP, FTP, IMAP, MAPI, or SMB (great reference: https://www.thec2matrix.com/).
- Compromised Pages & Links To Malware
Compromised web pages are pages that appear to be legitimate, but house malicious code or link to malicious websites hosting malware. These sites have been compromised by someone other than the site owner. If Firefox blocks a site as malicious, use this category. Examples include pages that are defaced, marked “hacked by”, etc.
- Cryptocurrency Mining
Websites that use cryptocurrency mining (“cryptojacking”) technology without seeking the user’s permission.
- Malware Call-Home
When viruses and spyware report information back to a particular URL or check a URL for updates, this is considered a malware call-home address.
- Malware Distribution Point
Web pages that host viruses, exploits, and other malware are considered Malware Distribution Points. Web Analysts may use this category if their anti-virus program triggers on a particular website.
Web pages that impersonate other web pages, usually with the intent of stealing passwords, credit card numbers, or other information. Also includes web pages that are part of scams such as a “419” scam, where a person is convinced to hand over money with the expectation of a big payback that never comes. Examples: con, hoax, scam, etc.
- Spam URLs
URLs that frequently occur in spam messages.
- Spyware & Questionable Software
Software that reports information back to a central server such as spyware or keystroke loggers. Also includes software that may have legitimate purposes, but some people may object to having on their system.
Definition of Objectionable Site Content
Objectionable content is used to identify inappropriate content, pornography, terrorism, violence, hate speech, drugs, fake news, etc. Much like Malicious detection, the ability to detect Objectionable content is crucial to web safety for vendors which provide services like web filtering, parental controls, or brand safety. However, unlike Malicious URLs, while Objectionable content may be offensive, it will not corrupt a device or system like viruses and other exploits — it’s simply content which may be perceived as inappropriate for certain age groups, within business environments, or across different cultures. While some sites which promote violence may be perceived as ‘malicious’ due to the nature of the content, it is only classified as Objectionable because it does not contain the type of threat which might compromise an organization’s network.
zvelo offers nearly 500 different categories with exclusive category mapping that provides seamless and transparent integration with an organization’s required taxonomies. Our global partner network represents a highly diverse audience of hundreds of millions of end users around the world. The Objectionable classification allows our partners to accommodate varying degrees of severity which can be easily adapted for cultural sensitivity. Much like the rating system applied to movies or television, zvelo breaks down the Objectionable mapping into three categories:
- Mature Audiences
Content which is created for adults and may not be suitable for children under the age of 17 due to explicit language, graphic violence, sexual activity, etc. The Mature category would include Pornography, Illegal Drugs, Criminal Activities, etc. — the sort of content which would earn a movie rating of R or NC-17.
- Audiences Aged 12+
Content which is created for a wide audience, though may not be suitable for children younger than 12 due to profanity, moderate violence, or even the nature of the topic. This would include content on Weapons, Body Art, Health, or other topics which may warrant a parental advisory label, or PG/PG-13 type of rating because it could be perceived as offensive and/or unsuitable depending on cultural or personal biases.
- All Audiences
Content which is created for widespread consumption by the broadest audience and includes everything from Local News, to Education, to Cooking, to Birdwatching — the type of content you would see through local network television programming. While this category doesn’t necessarily equate to a G movie rating, it does include the content categories which are unlikely to be perceived as offensive or inappropriate by the vast majority of the general public.
It’s important to understand that zvelo itself does not designate which objectionable categories are ultimately filtered or blocked. zvelo applies a classification for the type of content contained within a site or page, and the filtering or blocking of any particular classification or category is determined by the actual service providers.
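The lookup flow, category hierarchy and provider-side policy described in this post can be sketched as follows. This is an added example, not zvelo's code or API: the database entries and `.example` hosts are constructed, the function names are hypothetical, and ranking Mature above 12+ and always blocking Malicious are assumptions of the sketch.

```python
from urllib.parse import urlsplit

# Tier order follows the post: Malicious first, then Objectionable, then the rest.
# Ranking Mature above 12+ inside Objectionable is an assumption of this sketch.
TIERS = ["Malicious", "Mature Audiences", "Audiences Aged 12+", "All Audiences"]
CATEGORY_TIER = {
    "Malware Distribution Point": "Malicious",
    "Cryptocurrency Mining": "Malicious",
    "Illegal Drugs": "Mature Audiences",
    "Weapons": "Audiences Aged 12+",
    "Local News": "All Audiences",
    "Cooking": "All Audiences",
}
# Constructed sample entries keyed at domain, subdomain and full-path level.
SAMPLE_DB = {
    "news.example": ["Local News"],
    "forum.news.example": ["Weapons"],
    "news.example/files/update": ["Malware Distribution Point"],
    "recipes.example": ["Cooking", "Cryptocurrency Mining"],
}

def candidate_keys(url):
    """Yield lookup keys from most to least specific: paths, host, parent domains."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")
    segments = [s for s in parts.path.split("/") if s]
    for i in range(len(segments), 0, -1):
        yield host + "/" + "/".join(segments[:i])
    labels = host.split(".")
    for i in range(len(labels) - 1):  # stops before the bare top-level label
        yield ".".join(labels[i:])

def categorize(url, db=SAMPLE_DB):
    """Return (category, tier) of the most critical match, or None if uncategorized."""
    hits = [c for key in candidate_keys(url) for c in db.get(key, [])]
    if not hits:
        return None  # a real deployment would submit the URL for analysis
    best = min(hits, key=lambda c: TIERS.index(CATEGORY_TIER[c]))
    return best, CATEGORY_TIER[best]

def decide(url, blocked_tiers, db=SAMPLE_DB):
    """Apply a provider-chosen set of blocked tiers.

    Assumption: Malicious is blocked whatever the provider's policy says."""
    result = categorize(url, db)
    if result is None:
        return "uncategorized"
    return "block" if result[1] in blocked_tiers | {"Malicious"} else "allow"
```

A malicious full-path entry outranks the benign category of its parent domain, while the same 12+ page is allowed or blocked depending only on the tiers the provider chooses.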
zvelo offers zveloLIVE, a free URL lookup tool which allows users to check the status and category of a URL. If there is ever a question about whether a site is Malicious vs Objectionable, users may use this at any time to ensure the sites they want to access are safe.