Slashdot Mirror


Google Purges Thousands of Malware Sites

Stony Stevenson sends in word on the most massive "SEO poisoning" seen to date. The attack was directed at Google in particular and resulted in tens of thousands of Web pages hosting exploits showing up on the first page of Google searches for thousands of common terms (PDF). Sunbelt Software blogged about the attack on Monday after investigating it for months. By Wednesday Google had removed tens of thousands of malware-hosting pages from its index.

11 of 133 comments

  1. all your base by Kranfer · · Score: 2, Interesting

    Yay! No more Malware, I always hated getting horrible search results that hosted these things. I am glad that Google said to them, "All your base are belong to us" or maybe, "Resistance is Futile" is more along the lines I am looking for. When will their crawlers automatically disqualify ALL sites that contain malware though? That would be nifty.

    --
    -- Josh
    "Whoopie! Man, that may have been a small one for Neil, but that's a long one for me!" - Pete Conrad
    1. Re:all your base by sm62704 · · Score: 4, Interesting

      > When will their crawlers automatically disqualify ALL sites that contain malware though? That would be nifty.

      I don't think it would be possible. I linked to a Turing test program I wrote called "art.exe" from my Artificial Insanity page that I hosted on another site I owned (which I since have let lapse). The only way a crawler would know that this program was benign was because it isn't listed in any of the antivirus lists of viral signatures.

      What would be nice is if Google would have its crawlers automatically check pages as they crawled. If there were any known malware the page would be blacklisted. But there's no way I can think of to flag malware that hasn't been identified as such by humans.

      -mcgrew

      PS:)downside would be that you couldn't find microsoft.com (Foghorn Leghorn says...)
      PPS: I've been mulling over rewriting the Artificial Insanity program in JavaScript. But I'm having a hard time finding the time.

      --
      mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
    2. Re:all your base by Mathinker · · Score: 2, Interesting

      > When will their crawlers automatically disqualify ALL sites that contain malware though?

      Not possible; even disregarding the problem that other posters have raised, that the automatic recognition of novel malware is more or less impossible, most of the black hats setting up these sites have started to get really sophisticated and the servers can return different web pages based on IP addresses, and often never serve up exploits more than once to any given IP address.

      Like everything in the security game, it's cat-and-mouse.

    3. Re:all your base by Nossie · · Score: 3, Interesting

      I do agree... and maybe an independent body would just become corrupt like the rest of them BUT.

      In Google's interest, they are a search engine and not a publisher and for that reason are not subject to the indexes of child porn and other illegal activity. Once Google start going down the road of blocking spam and other malicious sites it could be suggested they lose the right of being an automatic aggregation engine.

      All The Pirate Bay does is index pointer links, all Google does is index pointer links -- one of them has a safe harbour in the US and the other does not. How long before Google itself loses its 'safe harbour'?

    4. Re:all your base by halcyon1234 · · Score: 2, Interesting

      Easy enough. Google has access to a massive amount of IP addresses and computer resources. All they need to do is set up a whole bunch of virtual machines that have no protection on them at all. Those virtual machines can start visiting indexed pages (using a rotating set of IP addresses so the target website doesn't know they're being "tested"). If a machine gets infected, it will be very easy to spot. Something will have installed on that machine. A rootkit or an adware install is fairly obvious, even to a machine. If a VM changes, and the "infection" is machine identifiable, then that site should be dropped. If the machine gets installed on, but can't identify, that site should be flagged. At that point, a human Google engineer loads a VM, visits the site, and takes a human-look at what happened. If it's A Bad Thing, they drop the site and add the signature of the install to their Kill On Site list. Then the VM gets reset, and continues on.
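
The snapshot-and-compare triage described in the comment above (drop on a known signature, flag an unrecognised change for a human, add confirmed installs to the list), as an added example that is not part of the original thread. The function names, file paths and the inert payload bytes are hypothetical, and a dictionary of file contents stands in for scanning a real VM disk.

```python
import hashlib

def snapshot(files):
    """Map each path to the SHA-256 of its contents (stands in for a VM disk scan)."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}

def changed_artifacts(before, after):
    """Files that are new or modified after the visit, as {path: sha256}."""
    return {p: h for p, h in after.items() if before.get(p) != h}

def triage(before, after, kill_list):
    """Return (verdict, changes): clean, drop (known signature) or flag (unknown change)."""
    changes = changed_artifacts(before, after)
    removed = set(before) - set(after)
    if not changes and not removed:
        return "clean", changes
    if any(h in kill_list for h in changes.values()):
        return "drop", changes
    return "flag", changes  # changed, but nothing recognised: needs a human look

def confirm_malicious(changes, kill_list):
    """Analyst confirmed the flagged visit: remember what it installed."""
    kill_list.update(changes.values())

def run_demo():
    # Constructed sample data: a two-file baseline and an inert stand-in payload.
    baseline_files = {"C:/Windows/system32/drivers/etc/hosts": b"127.0.0.1 localhost\n",
                      "C:/Users/test/ntuser.dat": b"baseline-profile"}
    payload = b"constructed-sample-installer"
    baseline = snapshot(baseline_files)
    kill_list = set()
    verdicts = []

    # Visit 1: an unknown file appears -> flag, then the analyst confirms it.
    after1 = snapshot({**baseline_files, "C:/Users/test/AppData/toolbar.exe": payload})
    verdict, changes = triage(baseline, after1, kill_list)
    verdicts.append(verdict)
    confirm_malicious(changes, kill_list)

    # Visit 2 (VM reset to baseline): same payload under another name -> drop.
    after2 = snapshot({**baseline_files, "C:/Windows/Temp/update.exe": payload})
    verdicts.append(triage(baseline, after2, kill_list)[0])

    # Visit 3: nothing changed -> clean.
    verdicts.append(triage(baseline, snapshot(baseline_files), kill_list)[0])
    return verdicts

if __name__ == "__main__":
    print(run_demo())
```

Matching on content hashes means a renamed copy of a confirmed install is still caught, while a repacked one falls back to the "flag" path and the human review step.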

  2. They've also changed their PageRank for many sites by garcia · · Score: 5, Interesting

    Recently (end of October) Google reordered some of their sites and dropped the PageRank on many (mine included); there was a blog post about it here. My PageRank suffered immensely, dropping from an overall high of 6/10 to the now 3/10. The most noticeable difference for me was that for the next two weeks (and the first time ever) I was no longer the #1 hit for: Bill Roehl, "Bill Roehl", or any variation thereof. Not only that but the first result from Google wasn't even for my root page, it was for some post I had underneath. I found that to be very odd.

    Now, while I was digging through the Google results to find out why this could have possibly happened (prior to reading the blog post linked above) I found tons of SEO spam sites that my site had been linked from. I had never seen that many junk results returned before and was surprised they were getting through. I was seriously concerned that they had something to do w/my ranking drop.

    At least Google is getting back on track dumping those bastards. While most people probably don't change their default settings to see anything more than the first 10 results, I am constantly looking through the first 100 on various searches and have seen more and more of that. I was wondering if some of the claims of Google's drop from #1 would be imminent if something didn't change.

  3. The keywords .. by ninjeratu · · Score: 2, Interesting

    .. do not look like random words from a generator. They look targeted too with all the references to Microsoft software, Cisco, VPN. But then .. "train a dog to fetch" and "go go go go go go go go go go go"? Anyone have any ideas as to why and how they made that list?

    --
    /* Time flies like an arrow, but fruit flies like a banana */
  4. GOATSE I'M FEELING LUCKY REDIRECT by LiquidCoooled · · Score: 2, Interesting

    For the startings to a cure, see here:

    http://slashdot.org/comments.pl?sid=373765&cid=21513421

    --
    liqbase :: faster than paper
  5. A hidden gem by dotancohen · · Score: 5, Interesting

    The pdf contains a list of 2161 popular Google search terms. This is an SEO wet dream. Thanks!

    --
    It is dangerous to be right when the government is wrong.
  6. My one wish for Google by Anonymous Coward · · Score: 1, Interesting

    Let me create a blacklist of domains that are never shown on search results.

    This would then include the sites: *.cn
    which would include:

    bucket.rabbitexothermicsoup.cn
    flight.othersittingport.cn
    aggressive.xeroxmaneshop.cn

    Also the top 40 search result domains for 'geforce 8800gt review' or any other product, the content of which is typically:

    Reviews for Geforce 8800GT: (0)
    Click here to write your review for Geforce 8800GT

  7. Re:Sounds Good To Me by mikew03 · · Score: 2, Interesting

    If this is the best spammers can do against Google I think we should be more impressed than concerned. Apparently most of these sites were up only a few days before being removed. And although they did manage to get on page 1 did anyone else notice how bad the site summaries looked? You'd have to be a total idiot to click on any of those results even if they were page one.