Google Wants You to Report Malware
darthcamaro writes "As part of its ongoing effort to keep a clean index Google is soliciting the help of web browsers to let them know when we find malware in the index. Celebrated Google hacker Johnny Long thinks it's a good idea, though he told the site Internet News that he doesn't think it'll stop real hackers. From the article: 'Most in search of malware for offensive use know the good stuff — it ain't distributed through public Web ... It's distributed through dark Web servers, peer-to-peer networks, IRC channels, torrents and the like. Google's efforts will not affect how skilled hackers get access to malware.'"
Nor should it. Google is now telling me what is moral and immoral and wanting to restrict access on their concepts of right and wrong? Who died and made them king?
Either they are a public company that should be considered a 'common carrier' or they aren't, which is it to be?
---- Booth was a patriot ----
Obviously hackers don't look for their tools on Google. But if regular people get to websites through Google's index, Google does not want them to get infected by web-borne malware.
'Most in search of malware for offensive use know the good stuff -- it ain't distributed through public Web ... It's distributed through dark Web servers, peer-to-peer networks, IRC channels, torrents and the like. Google's efforts will not affect how skilled hackers get access to malware.'
I imagine the idea is that people who are making (ahem) innocent searches will not be so prone to stumble across a malicious page with the latest unpatched IE/Firefox/Whatever exploit.
The point of this is not to keep hackers from finding malware, it is to keep Google search users from getting infected through poisoned search results.
Duh.
SirWired
Obviously, by definition, skilled hackers can get the tools they need without google's help (or despite google's measures).
I think this is a great move by Google anyway. The hackers I find annoying are the 'script kiddies'; these kids (or immature adults) can too easily find programs that waste my bandwidth, hitting my server to find obvious holes, looking for very outdated software; in general, banging their heads against my firewall. If a 'real' hacker wants to waste his time, he could probably find some exploits even for updated and patched server software. But I know there are bigger fish to fry (ie banks, microsoft, cnn, etc).
While I do keep my software patched and updated, not everyone does. So, some kid can easily search google for a program to take advantage, without even knowing what he's doing. It's too easy; it's giving him the tools on a silver platter.
- Demosthenes
cynicsreport.com
Who told Johnny Long that the purpose of this development was to "stop real hackers?" I am speculating now that one of the purposes of this development is to mitigate the damage these hackers create.
In my opinion, hackers are more like terrorists. They are motivated by sadism and determined at their craft.
I'm not a religious man, but I pray for the day Google allows you to blacklist certain domains globally (for your cookie or login). Malware sites sure, but link farms and pay-forums and gopher indexes and yadda yadda clog up so much, I'm thinking this feature would be akin to a Do-Not-Call list for the web.
When I was a kid, we only had one Darth.
You forgot to mention, to type "free" anything, then click "I'm feeling lucky"... Boom - malware.
'Most in search of malware for offensive use know the good stuff -- it ain't distributed through public Web ... It's distributed through dark Web servers
Well, then, they should just block the ports typically associated with the DarkText Transfer Protocol.
Shop as usual. And avoid panic buying.
Google has just de-listed Windows Vista, per user advice.
I think Johnny Long and Google have different goals. I think Google wants to protect users from unsuspectingly visiting sites that will exploit browser bugs (i.e. the sites themselves are malware, no user would search for it explicitly), while Johnny Long thinks this is about preventing the spread of rootkits and the like (which people would search for explicitly).
Ghee - if you have the time and...
....
- get a phishing email for your paypal account
- get a dubious email from your bank asking to reenter your credentials
don't you go to those sites and feed them expired credit card numbers, wrong information and then report them anyway?
It's great that Google provides resources to accommodate reporting, but it's hardly exciting at all.
To get so worked up about it by branding it as inefficient or thinking the Big Brother tries to tell you what is right or wrong surely is an overreaction!
Just because "Google" is doing something. Get a life & give it a break!
let users flag all of those websites that only have indexes of other websites, link farms or whatever they're called... and please let me flag those "ask the expert" pages as spam.
In Soviet Russia, plug an unprotected Windows system into the InterWeb and malware finds you!
Have gnu, will travel.
RTFA.
As its main topic it addresses the infection of computers through websites found via Google searching. The discovery of malware by Google searching is added as an ancillary point. And I quote:
"Long thinks Google's new reporting initiative is a great idea.
'Google's had this unofficial "do no evil" motto, and this effort supports that,' Long told InternetNews.com. 'Lots of browser-targeted intrusions originate from traditional Web surfing sessions, and most folks use Google as their Internet surfing origination point. A Google-based security wedge against malware is a terrific idea, and it should cut down the numbers of these types of infections significantly.'"
Perhaps the submitter chose a poor quote from the article...however the article itself is mostly on point and valid.
What would be more helpful is if someone set up a distributed, fully automated IP address blacklist system and web servers and intrusion software could simply log IP address "hate" à la a system like this http://savingtheinternetwithhate.com/
I'd love to be able to get a daily list of IP addresses that have been community-logged with reputations as having "bad behavior" (like worm propagation, scanning for website or ssh weaknesses, DOS attacks, open relays, etc) to feed to firewalls, ssh and web servers, etc. and drop their connection attempts to the floor. Efforts like this for spam and email have been fairly successful when done well, albeit sometimes controversial.
Such a project would be incredibly difficult to maintain, because crackers and others would attack it directly - yet could have a lot of value in stopping rogue behavior online.
In Soviet Russia, malware reports YOU!
I doubt google are trying to stop hackers getting at materials. What they are doing though, is stopping your average Mr. Joe Bloggs from being suckered into downloading malware from a site found from a google search.
I wonder if this system will affect listings in Google for small security firms who publish "proof of concept" demonstrations of new exploits. Could this lead to an unintentional (?) block of such firms' research products?
512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
or reported google for pawning off spyware as ads and free web apps?
Quoth the poster: "Google's efforts will not affect how skilled hackers get access to malware."
It may not stop skilled crackers from gaining access to rootkit builders, trojan generators, etc, but if implemented properly it will definitely help identify sites actively hosting pages designed to exploit things like browser vulnerabilities to compromise user machines. Less fodder for the botnets is a good thing in my book.
512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
Sony, the RIAA, the MPAA, the FBI, the CIA, the NSA all produce malware. Please block access to their sites.
What?
Not to mention Comcast. Sending RST commands at will is pretty much malware in my book.
Seven puppies were harmed during the making of this post.
The point of this is not to keep hackers from finding malware, it is to keep Google search users from getting infected through poisoned search results.
Duh.
This is exactly what ScrubIT has been doing for a long time now. Instead of search results, it is DNS, which blocks malware sites. It has a function to submit sites to be added to the blacklist.
Many think of ScrubIT as a filtered DNS service that is just a porn filter to protect the kids. It's much more than that. It kills phishing and malware sites also. The only things it doesn't kill are sites that provide the IP address instead of using DNS. I've been very happy with it, except lately, it has had a couple of outages. I'm on Comcast, so maybe they are blocking an alternate DNS server.
http://www.scrubit.com/
Does anyone else use ScrubIT, and have you noticed any outages in the last couple of weeks?
The truth shall set you free!
I really fear for how this will affect full disclosure security sites. These sites are vital and used by security professionals world-wide.
Are they going to ignore sites safely hosting exploit code, or just those attempting to actively use it against the browser? Let's hope it's only the latter.
Do you mean "retarded" or "tarted up again?"
Ooh sounds so scary!!
This may have been true some time ago. The folks who create and spread malware these days are motivated by simple greed. Botnets and such are big business. So is the information harvested from unsuspecting users through key loggers. Terrorists tend to be ideologically motivated regardless of whether the ideology is religion, politics or whatever.
Change the economics of web sites hosting malware and that infect unsuspecting users and the effort will go in a different direction. Consider the expense these people went to to create false results through Google by having a bunch of fake sites set up to point to the malware host. This isn't necessarily expense in the sense of money changing hands but more likely effort that was channelled to creating the falsified results. How many bots had to be created to get Google to point to the malware web host?
Cheers,
Dave
They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
Ben
What with all the spying it does it seems worthy of the malware title...
I wholeheartedly agree with you, especially if it's a fairly obscure BSOD code and they're 2 of 10 results.
"Slapping lipstick on a pig does NOT make it Natalie Portman. Paris Hilton, maybe, but not Portman." - UncleTogie
Sorry, can't help you. I use linux...
Shut up or I will DDoS your city.
Are they going to drive terrorism-web-sites and kiddie porn sites off the public web too, or will they leave it up to The Law Of Darwin and its enforcers at Interpol to take care of these sites?
McAfee's SiteAdvisor already looks for malware available from web pages, downloading everything that might be a threat and running it in a virtual Windows machine with Internet Explorer. SiteAdvisor does the work themselves; they're not trying to get people to work for them for free. Google already had something like that, although not as good. Allowing users to add to the machine-generated lists is useful, but not a big deal.
Besides, why work for Google for free? If you're going to report phishing sites, report them to PhishTank, where the list is open and free. Harmful software should be reported to StopBadware, which, again, has public data.
Remember Google's scheme for getting people to photograph businesses and send the pictures to Google? Whatever happened to that?
Where your hackers are like terrorists is that both groups target unprepared "civilians" because it works. The above three campaigns, as part of larger battles, brought fairly successful conclusions for the terrorists. The attack in NY has led, via what could probably be described as the hoped-for response from the Dozing Giant, to a rise in violent Islamic fundamentalism - so that one appears on track too.
And, as with terror campaigns, no democracy has been successful at quashing hackers merely by hunting out individual perpetrators. You've got to deal with the set of circumstances that's producing the terrorists/hackers. In the hacker case, that's predominantly high-tech organised crime in ex-USSR and satellite states due to Yeltsin's legacy of corrupt government and workforce brimming with young, talented, unemployed men. You asked Mr. Gorbachev so politely to tear down this wall, he complied, now deal with what's spilled over from the other side.
(N.B. Paper beats stone, and dictionary beats jargon file. "Hackers" is the standard English term for what some people here call "crackers".)
Terrorism as defined in the west, is not necessarily a strategy. It's fighting a "war" on your terms.
The west is right in saying that if the terrorists attacked directly, they would be defeated instantly but why would the west want the terrorists to attack directly - that is, on the west's terms?
As an opponent, I attack using a method that best suits me...a method that guarantees maximum headache to the adversary. That is what is at stake. You can call it terrorism but limit that to your definition not as a term that applies to every man, woman and child.
Exactly. There was an incident this past week where numerous websites registered under the .cn TLD but hosted somewhere near Chicago were finding their way into many Google search results. The only purpose of the sites was to gain high pagerank and infect unfortunate clicker-onners with malware. The problem was discovered and reported by folks outside Google, so Google wants to make sure that people have a way to report such problems before they get out of hand.
Whether this is a losing battle or not is anybody's guess.
it's at http://www.microsoft.com/
there's no place like ~
damn, you're right
Stopping spurious search results is a good idea (I have mentioned scraper malware .cn domain sites before). However, a big problem is the hurdles you have to jump to shut down servers and home computers that are spewing spam and acting as a base of operations for malware. Say you find one, pin it down to the IP, then pin down the ISP/data center. Your next course of action is to submit a complaint to the abuse department. Then you wait for days. The server continues doing what it is doing. You submit another complaint, then place a phone call or login to the livechat for the provider. The person on the other end tells you to submit the complaint via the abuse email or webpage. "I have already done that, twice now." you tell them. "Well, that is what you need to do." comes back down the line. Finally, you give up - because trying to fix this issue is taking up too much time and the provider just doesn't care.
Filing a legitimate DMCA complaint actually works better than trying to shut down a malware server. I am talking about a provider in the US, but good providers in the UK and Europe seem to respond well to similar complaints. Within a few days, the infringing content is taken down. The reason is that there are laws saying a provider must take action to be protected. That I know of, nothing of the sort exists pertaining to malware/spam (if it does, nobody is paying attention). Good data centers and hosting companies will take action, but others could care less. Oh, and have fun trying to shut down a DSL/cable modem subscriber who is spewing spam.
Sooner or later, the Internet needs a watchdog group that can impose real penalties on ISPs that will force them to take action:
"This is WATCHDOG. I have a verified spam server in your data center at IP XXX.XXX.XXX.XXX. Please check the WATCHDOG website to verify and take action within the next 2 hours."
"Um, I don't know..."
"Failure to take action will result in your IP block being blacklisted until the server is taken offline."
Andrew Borntreger
Champion of cinematic disasters
then click "I'm feeling lucky"
Should one consider that irony?
Is this a news report or a trailer for a motion picture?
CENTURION: What's this, then? 'Romanes Eunt Domus'? 'People called Romanes they go the house'?
BRIAN: It-- it says, 'Romans, go home'.
CENTURION: No, it doesn't. What's Latin for 'Roman'? Come on!
BRIAN: Aah!
CENTURION: Come on!
BRIAN: 'R-- Romanus'?
CENTURION: Goes like...?
BRIAN: 'Annus'?
CENTURION: Vocative plural of 'annus' is...?
BRIAN: Eh. 'Anni'?
CENTURION: 'Romani'. 'Eunt'? What is 'eunt'?
BRIAN: 'Go'. Let--
CENTURION: Conjugate the verb 'to go'.
BRIAN: Uh. 'Ire'. Uh, 'eo'. 'Is'. 'It'. 'Imus'. 'Itis'. 'Eunt'.
CENTURION: So 'eunt' is...?
BRIAN: Ah, huh, third person plural, uh, present indicative. Uh, 'they go'.
CENTURION: But 'Romans, go home' is an order, so you must use the...?
BRIAN: The... imperative!
CENTURION: Which is...?
BRIAN: Umm! Oh. Oh. Um, 'i'. 'I'!
CENTURION: How many Romans?
BRIAN: Ah! 'I'-- Plural. Plural. 'Ite'. 'Ite'.
CENTURION: 'Ite'.
BRIAN: Ah. Eh.
CENTURION: 'Domus'?
BRIAN: Eh.
CENTURION: Nominative?
BRIAN: Oh.
CENTURION: 'Go home'? This is motion towards. Isn't it, boy?
BRIAN: Ah. Ah, dative, sir! Ahh! No, not dative! Not the dative, sir! No! Ah! Oh, the... accusative! Accusative! Ah! 'Domum', sir! 'Ad domum'! Ah! Oooh! Ah!
CENTURION: Except that 'domus' takes the...?
BRIAN: The locative, sir!
CENTURION: Which is...?!
BRIAN: 'Domum'.
CENTURION: 'Domum'.
BRIAN: Aaah! Ah.
CENTURION: 'Um'. Understand?
BRIAN: Yes, sir.
CENTURION: Now, write it out a hundred times.
BRIAN: Yes, sir. Thank you, sir. Hail Caesar, sir.
CENTURION: Hail Caesar. If it's not done by sunrise, I'll cut your balls off.
BRIAN: Oh, thank you, sir. Thank you, sir. Hail Caesar and everything, sir! Oh. Mmm!
Ice Cream has no bones.
http://www.microsoft.com/windows/products/windowsvista/default.mspx
Once this massive exercise is done, when someone searches for malware in google... suddenly a counselor shows up on the screen and says,
"Hey dork, don't download malware... download some pr0n"
If it's not open source, it's malware. If it is open source, it might still suck, though!
I hold very few opinions. I hold information based on observation and fact. If you wish to disagree, please use facts.
This censorship thing is going to bite them in the ass eventually. I mean why use a diluted source, when you can get a pure source elsewhere? Some of us may want to find malware in order to experiment with it in order to get a better understanding.
Google does NOT index you?
I use McAfee SiteAdvisor, it's free and it warns you when you're headed to a malicious website and stuff.
"Obviously hackers don't look for their tools on Google."
actually I believe that many hackers do find tools through Google...
Tools, active exploits, 0days, and much more can all be found just by searching for them. Try a search for "0day exploit". The second and third results (milw0rm and FrSIRT) are chock full of goodies.
If you have some time on your hands and run the right queries you can find forums that link to certain opensource bots. Mostly you can find SpyBot and RBot variants but there are some others out there.
As well, let me just mention that it is not hard to compile these and then make them undetectable to signature based AV's.
But the skilled hackers do know other avenues to get their malware. Many of them just develop their own from creating Frankensteins of legitimate applications.
Nice to see that the media likes to listen to such criminal punks as Johnny Long. Having had several websites defaced and redirected to his own website and others of a dubious nature I can only wonder if it's his methods for personal exposure at work, or some underline for plausible deniability.
Certainly not the best candidate for taking an opinion from on malware prevention is someone who uses it themselves against others.
I got annoyed at someone called atomikpsycho so it is time to send him to that website. I'd count him as malware :-)