Google To Send Detailed Info About Hacked Web Sites

alphadogg writes "In an effort to promote the 'general health of the Web,' Google will send Webmasters snippets of malicious code in the hopes of getting infected Web sites cleaned up faster. The new information will appear as part of Google's Webmaster Tools, a suite of tools that provide data about a Web site, such as site visits. 'We understand the frustration of Webmasters whose sites have been compromised without their knowledge and who discover that their site has been flagged,' wrote Lucas Ballard on Google's online security blog. To Webmasters who are registered with Google, the company will send them an email notifying them of suspicious content along with a list of the affected pages. They'll also be able to see part of the malicious code." Another of the new Webmaster Tools is Fetch as Googlebot, which shows you a page as Google's crawler sees it. This should allow Webmasters to see malicious code that bad guys have hidden on their sites via "cloaking," among other benefits.

Gentlemen, check your Webmaster tools

[symbolset]

This is a great service. Google should set up an opt-in email notification as well.

It helps the webmasters build better sites and teaches them to check the Google website tools that allow them to groom their site for best indexing on Google. That's great.

Re:Gentlemen, check your Webmaster tools

[Pieroxy]

Did you mean http://googlewebmastercentral.blogspot.com/2009/10/fetch-as-googlebot-and-malware-details.html ? Your link got garbled by some evil force...

Google needs to clean up their own act first,

[Animats]

Google has a malware hosting problem of their own.

Google Spreadsheets can be abused to create phony login pages. Here's one for "Free Habbo credits", designed to collect Habbo logins. It's been reported via the usual "Google abuse" mechanism, repeatedly, and it's still up. It's been up since October 28, 2008.

We track major domains being exploited by active phishing scams. ("Major" here means only that it's in Open Directory, with about 1.5 million domains.) There are 39 exploited domains today. Only 7 have been on that list since 2008. The most abused site is Piczo.com, which is a hosting service/social network/shopping site for teenagers.

Just about everybody else has cleaned up their act. 18 months ago, that list had 174 entries, including Yahoo, eBay, Microsoft Live, and TinyURL. All those companies have become more aggressive about checking for phishing scams that were injected into their domain. Google's cluelessness in this area ought to be embarrassing to someone.

Re:Google needs to clean up their own act first,

[aj50]

An ordinary scam (like the Habbo one listed above) is different from a phishing attack (which requires that the attacker impersonates another entity).

You have absolutely no hard evidence (other than your own experience and cynicism) that the site collecting Habbo logins isn't doing so for purely honest reasons and will only use them to deposit 500 credits in each account submitted.

This comes down to a matter of trust. If you trust random people on the Internet, you're going to get screwed over.

Good idea, but...

[PrimaryConsult]

If Google's determination on whether a site has malicious content is based solely on crawling it, wouldn't a hacker be able to manipulate robots.txt to ignore the file with the malware? These tools would allow a hacker to test that theory out, by trying different things on his own sites and seeing what generates an email, instead of waiting around for Google to re-crawl them and having to check each one to see if it is filtered...

Re:Who requests

[mftb]

It's an opt-in notification system - nobody's forcing you to do anything. Also, robots.txt has been around since long before google.

Happened over here

[orta]

This happened to my site and the google webmaster tools were helpful but frustrating, it took 2 weeks of my site being banned in all major browsers before they officially sanctioned it OK. It did give me a list of all the URLS where there was problems, so it wasn't too hard to debug.