Google Wants You to Report Malware
darthcamaro writes "As part of its ongoing effort to keep a clean index Google is soliciting the help of web browsers to let them know when we find malware in the index. Celebrated Google hacker Johnny Long thinks it's a good idea, though he told the site Internet News that he doesn't think it'll stop real hackers. From the article: 'Most in search of malware for offensive use know the good stuff — it ain't distributed through public Web ... It's distributed through dark Web servers, peer-to-peer networks, IRC channels, torrents and the like. Google's efforts will not affect how skilled hackers get access to malware.'"
Obviously hackers don't look for their tools on Google. But if regular people get to websites through Google's index, Google does not want them to get infected by web-borne malware.
'Most in search of malware for offensive use know the good stuff -- it ain't distributed through public Web ... It's distributed through dark Web servers, peer-to-peer networks, IRC channels, torrents and the like. Google's efforts will not affect how skilled hackers get access to malware.'
I imagine the idea is that people who are making (ahem) innocent searches will not be so prone to stumble across a malicious page with the latest unpatched IE/Firefox/Whatever exploit.
The point of this is not to keep hackers from finding malware, it is to keep Google search users from getting infected through poisoned search results.
Duh.
SirWired
This may have been true some time ago. The folks who create and spread malware these days are motivated by simple greed. Botnets and such are big business. So is the information harvested from unsuspecting users through key loggers. Terrorists tend to be ideologically motivated regardless of whether the ideology is religion, politics or whatever.
Change the economics of web sites that host malware and infect unsuspecting users, and the effort will go in a different direction. Consider the expense these people went to to create false results through Google by having a bunch of fake sites set up to point to the malware host. This isn't necessarily expense in the sense of money changing hands, but more likely effort that was channelled into creating the falsified results. How many bots had to be created to get Google to point to the malware web host?
Cheers,
Dave
They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
Ben
This isn't about that. Google already has a service that reports and detects sites that try to phish your personal information or try to install malware on your machine. No, this effort is to try to purge the Google index of sites that sell malware creation and deployment toolkits to black-hats. IMHO, the original poster is correct. This wouldn't make it much more difficult for script-kiddies and black-hats to get their hands on malware kits, while making it more difficult for white-hats to find information about these programs.
Not to drift too far off topic, but I've never been very impressed with the Google phishing site service. On the one hand they say that they solicit feedback from the user community as to what is a web forgery, but I don't know that they ever listen. I deal with phishing sites as part of my job and I've had situations where at least 10 or 12 customers have told us that they submitted the page to Google's Web Forgery report page but it never gets flagged. The only time I've ever seen them flag a site is when one of the major anti-phishing players classifies it as such. I've done some experiments where I've watched phishing sites stay online for a while. It seems that without fail, within an hour of a major vendor like Symantec announcing the forgery, Google will flag it. Otherwise, users can spam the Google report link for a week and it'll never get flagged.
With this new service, it makes me wonder if they have any plans to actually respond to user input or if the user input will be up only for good PR. Will all the accepted submissions come from professional security firms who have a vested interest in knowing about malware, leaving your more casual security researcher unable to a) effectively report malware pages and b) learn about new threats once the big players have done their research and told Google to de-index the page?
Now I understand that if you get a report from Symantec the credibility is very high as opposed to web-based reports from anybody who can read squiggly letters in a box, but it does make me wonder if the public submission forms are just for show so people can feel like they're doing a good thing.
The CustomizeGoogle extension for Firefox allows you to blacklist sites from search results.