[Infowarrior] - Google: Show Me the Malware!

Richard Forno rforno at infowarrior.org
Wed Oct 14 12:38:41 UTC 2009 

(Nifty and community-centric 'offering' here, eh? --rf)

Show Me the Malware!
Monday, October 12, 2009 3:53 PM written by Lucas Ballard
on behalf of the Anti-Malware, Anti-Malvertising, and Webmaster Tools  
teams

http://googleonlinesecurity.blogspot.com/2009/10/show-me-malware.html

As part of Cyber Security Awareness Month, we're highlighting cyber  
security tips and features to help ensure you're taking the necessary  
steps to protect your computer, website, and personal information. For  
general cyber security tips, check out our online security educational  
series or visit http://www.staysafeonline.org/. To learn more about  
malware detection and site cleanup, visit the Webmaster Tools Help  
Center and Forum.

To help protect users against malware threats, Google has built  
automated scanners that detect malware on websites we've indexed.  
Pages that are identified as dangerous by these scanners are  
accompanied by warnings in Google search results, and browsers such as  
Google Chrome, Firefox, and Safari also use our data to show similar  
warnings to people attempting to visit suspicious sites.

While it is important to protect users, we also know that most of  
these sites are not intentionally distributing malware. We understand  
the frustration of webmasters whose sites have been compromised  
without their knowledge and who discover that their site has been  
flagged. We proactively offer help to these webmasters: we send email  
to site administrators when we encounter suspicious content, we  
provide a list of infected pages in Webmaster Tools, and we maintain a  
service that allows webmasters to notify us when they have cleaned  
their sites. Read more about this process in the previous post on this  
blog.

We're happy to announce that we've launched a feature that enables  
Google to provide even more detailed help to webmasters. Webmaster  
Tools now provides webmasters with samples of the malicious code that  
Google's automated scanners detected on their sites. These samples —  
which typically take the form of injected HTML tags, JavaScript, or  
embedded Flash files — are available in the "Malware details" Labs  
feature in Webmaster Tools. Registered webmasters (registration is  
free) of infected sites do not need to specially enable the feature —  
they will find links to it on the Webmaster Tools dashboard.  
Webmasters will see a list of their pages that we found to be involved  
in malware distribution and samples of the malicious content that  
Google's scanners encountered on each infected page. In certain  
situations we can identify the underlying cause of the malicious code,  
and we'll provide these details when possible. We hope that the  
additional information will assist webmasters and help prevent their  
visitors from being exposed to malware.


Malware details for your site



Malware details for a particular page


While we're excited to offer this feature, we caution webmasters to  
use the tool only as a starting point in their site clean-up process.  
Google's scanners may not be able to provide malware samples in all  
cases, and the malware samples may not be a complete list of all the  
malware on the page. More importantly, we advise against simply  
removing the examples that are displayed in Webmaster Tools. If the  
underlying vulnerability is not identified and patched, it is likely  
that the site will be compromised again.

In addition to helping the webmasters of sites with malware warnings,  
this new detail is also designed to promote the general health of the  
web. In some cases, our automatic scanners find questionable content  
on a site but do not have enough data to add it to the malware list.  
The new "Malware details" feature will highlight these instances to  
webmasters early on to help them identify and address security  
vulnerabilities more quickly.

We hope you never have cause to use this feature, but if you do, it  
should help you quickly purge malware from your site and help protect  
its visitors. We plan to improve our algorithms in the upcoming months  
to provide even greater coverage, more accurate vulnerability  
identification, and faster delivery to webmasters.

More information about the Infowarrior mailing list