Slashdot Mirror
Google Purges Thousands of Malware Sites
Stony Stevenson sends in word on the most massive "SEO poisoning" seen to date. The attack was directed at Google in particular and resulted in tens of thousands of Web pages hosting exploits showing up on the first page of Google searches for thousands of common terms (PDF). Sunbelt Software blogged about the attack on Monday after investigating it for months. By Wednesday Google had removed tens of thousands of malware-hosting pages from its index.
http://news.bbc.co.uk/1/hi/technology/7118452.stm
The sites were targeting IE exploits.
Sounds good, I'm glad someone is actively trying to make the internet a safer place for people in general, as well as cleaning up search pages for people who can spot malware sites from the search engine. This is also good for Google, thanks to their fantastic business model: "the more people who use the internet on a regular basis, the more money we make".
Yay! No more Malware, I always hated gettng horrible search results that hosted these things. I am glad that Google said to them, "All your base are belong to us" or maybe, "Resistance is Futile" is more along the lines I am looking for. When will their crawlers automatically disqualify ALL sites that contain malware though? That would be nifty.
-- Josh
"Whoopie! Man, that may have been a small one for Neil, but that's a long one for me!" - Pete Conrad
Recently (end of October) Google reordered some of their sites and dropped the PageRank on many (mine included) there was a blog post about it here. My PageRank suffered immensely dropping from an overall high of 6/10 to the now 3/10. The most noticeable difference for me was that for the next two weeks (and the first time ever) I was no longer the #1 hit for: Bill Roehl, "Bill Roehl", or any variation thereof. Not only that but the first result from Google wasn't even for my root page, it was for some post I had underneath. I found that to be very odd.
Now, while I was digging through the Google results to find out why this could have possibly happened (prior to reading the blog post linked above) I found tons of SEO spam sites that my site had been linked from. I had never seen that many junk results returned before and was surprised they were getting through. I was seriously concerned that they had something to do w/my ranking drop.
At least Google is getting back on track dumping those bastards. While most people probably don't change their default settings to see anything more than the first 10 results, I am constantly looking through the first 100 on various searches and have seen more and more of that. I was wondering if some of the claims of Google's drop from #1 would imminent if something didn't change.
...welcome any move towards private pwnership of IE users.
Google had removed tens of thousands of malware - hosting pages from its index.
Wierd, usually it's tha pages that are hosting malware, rather than the other way around. OW! Stop hitting me!
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
.. do not look like random words from a generator. They look targetted too with all the references to Microsoft software, Cisco, VPN. But then .. "train a dog to fetch" and "go go go go go go go go go go go"?
Anyone have any ideas as to why and how they made that list?
/* Time flies like an arrow, but fruit flies like a banana */
For those of you, like me, who did not immediately recognise this TLA, it stands for Search Engine Optimization.
Sounds like net censorship to me! What if I wanted to visit those malware sites?
For the startings to a cure, see here:
http://slashdot.org/comments.pl?sid=373765&cid=21513421
liqbase
They are marketing towards the pointy haired crowd?
The pdf contains a list of 2161 popular Google search terms. This is an SEO wet dream. Thanks!
It is dangerous to be right when the government is wrong.
I, for one, welcome our new IE pwned overlords!
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
Is it just me or do the first five pages of "common terms" in the PDF contain the term Excel, and then the next four pages contain the term vpn? It seems to me there were two common terms in these first nine pages with random words tacked on.
"if u a dog go fetch"
Google employees are quick to jump on Slashdot stories and get their spin and mods in. The "Go Google!" posts are coming in quick. The fact is that the first page of Google results has as much spam today as an AOL inbox back in 1995. The results have turned to junk.
Wide awake.
tech support. Now what're we supposed to do over the holiday season? Boxshift?
Operation Guillotine is in effect.
From the summary: tens of thousands of Web pages hosting exploits showing up on the first page of Google searches for thousands of common terms
So, how do you tell the difference between this and any normal Google results page?
That's not Picasso, that's Kandinsky!
Well, they may be getting back at them, but...
Ironically, Google itself refused to confirm or deny that it had cleansed its index of the more than 40,000 malware hosting sites, or even that they had existed. "Google takes the security of our users very seriously, especially when it comes to malware," a company spokeswoman said today in an e-mail. "In our search results, we try to warn users of potentially dangerous sites when we know of them. Sites that clearly exploit browser security holes to install software, such as malware, spyware, viruses, adware and Trojan horses, are in violation of the Google quality guidelines and may be removed from Google's index."What is Google afraid of? That their stock price will plunge if everyone finds out they were manipulated by malware sites?
GetOuttaMySpace - The Anti-Social Network
Personally, I'm comfortable with the fact that I'm only the second-best me out there. Let that other fella have his glory, because I'm never going back to the Rob Vincent Academy. I'm not going into it here, but those bastards Rob, Rob, and Rob know why.
Slashdot Burying Stories About Slashdot Media Owned
It had nothing to do with that. The two sites that outranked mine were pointing back to me. That's why it made no sense.
...if my eyes and brain RTFA correctly. I recognize Google is the big(gest) player, but it's not like the purveyors of fine malware focused exclusively on Google and Google alone. It's in TFA if you're willing to take a look-see.
Please don't use "umm" or "err" or "erm".
dropped the PageRank on many (mine included)
/. ''homepage'', as they did with mine (for whatever reason).
They also removed your
search
CC.
TaijiQuan (Huang, 5 loosenings)
No doubt that something like this has money behind it. And while Yahoo will profit from it, they have ethics. OTH, Gates has proven that he has none and anything goes. I wonder if this originated in some bastard SCO operation.
Your website hurts my eyes...
I never noticed that in my results before.
Hmmm, it's been about seven years since my browser looked like this. What does that blog say about it?
Those are all Microsoft Windows problems but neither of those words shows up anywhere in the articles. Instead, Google and the user are blamed. Nice.
The less Windoze there is, the better off everyone is. Malware links are an annoyance to everyone and they directly threaten Google's business model. Google is taking care of their search listings, not making the internet safe for crappy software. We would all be better off without the crappy software that powers criminal botnets powerful enough to manipulate Google but the internet will never be a safe place for Windows.
Friends don't help friends install M$ junk.
What about the rights of those spammers? They're living in an impoverished third world country (Russia) and are just trying for a better life. They're no different than the home shopping network or eBay.
And you won't tolerate them. You deny them their civil rights. You deny them their FREEDOM OF SPEECH!
This is outright Stalinism. It's not their fault fat, stupid, bored, lonely Americans will buy products geared toward the intelligence of a labrador. They're just trying to feed their families... to be part of the AMERICAN DREAM.
You Stalinists and your purges, your nights of the long knives, you're endangering the freedom of all of us. If you purge spammers from Google, the terrorists win.
well, that will throw the compliance ladys for a trip.
sweet
I should move to F@%*$&% Canada.
They seem to consider the link from there as 'spam' as they seem to have removed all those who link to a page, even a fellow who links to debian. Twenty years down the road they consider which words are appropriate and which are to be avoided (of course based on an objective a sophisticated semantic weighting scheme(tm)) to get indexed.
CC.
TaijiQuan (Huang, 5 loosenings)
For many months I have been using "Site Advisor", still free from McAfee. It works perfectly with FireFox. I searched for "Advisor" and did not find mention of it in these articles, but I would be surprised if any of these sites earned that nice green dot which I find so reassuring, am I wrong to be so reassured ?
Let me create a blacklist of domains that are never shown on search results.
This would then include the sites: *.cn
which would include:
bucket.rabbitexothermicsoup.cn
flight.othersittingport.cn
aggressive.xeroxmaneshop.cn
Also the top 40 search result domains for 'geforce 8800gt review' or any other product, the content of which is typically:
Reviews for Geforce 8800GT: (0)
Click here to write your review for Geforce 8800GT
have no fear, you'll soon be back and better than ever! Bill Roehl is now being searched more than ever thanks to slashdotters.
If your browser looked like that then I'm pretty sure PEBKC, because mine sure as hell never did.
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
That's my advice as part of the solution to cut down on malware. Of course there are millions of .com malware sites, but you can't just cut out .com. On the other hand with rare exception, most people can without penalty stay away from .cn sites.
If you wanna get rich, you know that payback is a bitch
Still waiting for the day when Slashdot stops posting articles about exploits that have no mention of the OS in the summary...
This guys has been posting Goatse for days. Can we get a ban here?
Actually, I've already regained the top spot within a few weeks of that PageRank drop. My post was just talking about the general weirdness that was occurring around that time.
;)
There have only been 12 Google Searches for [B|b]ill [R|r]oehl today though. Not nearly enough to stroke my ego
I think noticing that Google gets the burden of squashing spyware sites that exploit Internet Explorer without ANY mention of MS or IE is a unique perspective.
Fact: Everything I say is fiction.
After reading this, I immediately checked to see if Google had fixed their open redirector. No, they haven't, and there are six exploits of it listed in PhishTank. Google needs to turn that off. If they absolutely insist on having an open redirector, it needs its own subdomain, which is what Yahoo does. Then the subdomain can be blacklisted without collateral damage.
Phishing via exploits of major sites is a big problem, but involves a small number of major sites. 168 major sites today. The usual exploits are:
Out of 1.6 million domains in DMOZ, and over 10,000 phishes in PhishTank, only 168 domains are in both. So the number of sites that need to be fixed is small. In fact, some of those sites are already fixed, but the entries haven't been removed from PhishTank yet. (Hint: if you kill a hostile page on your domain, make it a 404 error; that gets the page out of PhishTank's "active and online" list automatically. Don't just change the content or redirect it somewhere else, or it stays in the tank until somebody rechecks it manually, which can take weeks.)
For every site in the list, there's some competitor in the same business who isn't on the list. "Everybody has this problem" isn't a valid excuse any more. This is a useful point to make with management if you find your own company on the list.
This list of 168 exploited sites is updated automatically every three hours. There's also a list of sites recently removed from PhishTank. "n-insanity.com", "tropmet.res.in", "wsjob.com" were dropped from the list today; they no longer have active, online entries in PhishTank. "gentlesource.com", "t35.com" (an eBay phish), "tilapia.com" (another eBay phish), and "uic.edu" (already fixed) were added; they just appeared in PhishTank. If you have any responsibility for a site on the list, please take steps to fix the problem. If you're not part of the solution, you're part of the problem.
... thousands of malware sites abandon Google and take their business to MSN Search.
Have gnu, will travel.
Maybe I'm just too damn logical, but if someone types in "microsoft" and "free" in the same search query, I'm sure as hell expecting them to get malware in their results....
--
X's and O's for all my foes.
My older daughter is the only person that comes up when I google her "Firstname Lastname". I wonder if that means she'll hate me for giving her a weird name, or thank me because the URL is still available.
It's not wasting time, I'm educating myself.
Can they get rid of Swik.net while they're at it? I loathe that damn site.
Yes, I am a smart ass; it's better than the alternative.
It's not Google's burden to quell IE (or Firefox, Opera, etc) exploits.
No-one said it is.
It is however Google's burden to quash spyware sites that exploit loopholes and weaknesses in Google's ranking and indexing algorithms that allow such malware to effortlessly make it to the front page of search results for any thousand of subjects.
I encounter many namespace collisions, unless I go full out and include my middle name. On the other hand, since I married a Jewish girl, coming up with distinct identifiers for my future children will be easy and not even require some stupid 'take a common name and spell it wrong' kind of thing. I mean, how many Jacob Kanodias can there be in the world?