May 23, 2008

Google Anti-Malware Diagnostic Pages

ZDNet's security blog points to an update to Google's malware warnings. As with McAfee SiteAdvisor, each web site now has a special diagnostic page that answers four questions:

1. What is the current listing status?
2. What happened when Google visited this site?
3. Has this site acted as an intermediary resulting in further distribution of malware?
4. Has this site hosted malware?

For example, here's the diagnostic page for google.com: http://www.google.com/safebrowsing/diagnostic?site=google.com, which lists some interesting facts.

"Of the 274621 pages we tested on the site over the past 90 days, 4 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 05/22/2008, and the last time suspicious content was found on this site was on 03/13/2008. Malicious software includes 4 scripting exploit(s), 4 trojan(s). Successful infection resulted in an average of 10 new processes on the target machine. Malicious software is hosted on 4 domain(s), including 58.65.239.0, truemaybe.com, abc-powers.com. 5 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including xtraff.biz, x-traffic.ws, smartvideochannel.com."

Despite all of these findings, google.com is not listed as suspicious, probably because the domain is whitelisted or the suspicious content is not very significant. It's likely that the domains listed above are from Google's search results, so that means the anti-malware system doesn't respect robots.txt.

13 comments:

  1. The Diagnostic page for amazon.com/ included the following snippets

    "The last time Google visited this site was on 05/23/2008, and suspicious content was never found on this site within the past 90 days" ... "It infected 41 domain(s), including" ....

    Doesn't quite make sense, to me.

  2. Andrew, hosting malware files and actively using them to infect people's computers are two different things.

  3. I get that - but how can you infect sites without hosting them?

  4. @Andrew:
    It's quite easy to understand. Amazon has hosted malware, but it was only used on third-party sites. No page from amazon.com "resulted in malicious software being downloaded and installed without user consent."

  5. Malware is dangerous for computers. So, it is very useful. Thanks.

  6. Recommend Search-and-destroy Antispyware to anyone.
    I would like to recommend Search-and-destroy Antispyware to anyone that wants a good scan for their computer. I tried many other scanners in the past but so far I like this one the best. It’s cheaper than many of the others and it cost less. What more can you ask for? The antispyware solution from Search-and-destroy found at http://www.Search-and-destroy.com/antispyware.html is a great option whether you use your computer for work or personal use. It will keep it clear and clean of antispyware that bogs down your PC and causes it to be sluggish and annoying.

  7. I did a search on my page today and I got one of these error codes saying my site was infected... I called my Service provider and they told me my site was clean from any Malware or other viruses... They also told me to go to Google and look for a piece of software that would allow Google to recheck my site again so that it would not show up as Tainted... Can anyone tell me where that piece of software is? Thanks

  8. I hate this - every site has this warning now and I can't get to them -- this service is a Malware - how do I get rid of it?

  9. You know that it is really ticking me off as I have a group that has been targeting my websites and I have been getting hacked on a regular basis. And now what the twits have done is somehow get my websites, all of them, listed as malware sites. I have searched for the code that is causing this but haven't found it yet. This is ridiculous, as it is used as a tool to attack legitimate sites like mine! It's frustrating as the web hosting of Godaddy won't even lift a finger to help either.

  10. Keanu, I clicked on your name (it links to http://google-ambush.net/) and an anti-trojan alert popped up.

    I also have a website under attack at the moment, I have found an intruder code at the beginning of some index.html files, between the [/head] and [body] codes, it is a [script ...] code. Look for that sort of thing, overwrite infected files, and then start thinking how to prevent it in the future. I still don't know how to stop it happening again.

  11. Some time ago a friend told me that my blog was detected as containing malware.

    Miqdaad was anxious and tried to detect it via the internet. And I recommend that you try http://www.urlvoid.com/ to determine whether malware is detected on your website or blog or not.

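Comment 10 above advises looking for a [script ...] tag sitting between [/head] and [body] in index.html files. The following is an added example, not code from the post or its commenters, of one way to automate that check across a site's files; the function names, the sample pages and the `injected.example` host are all constructed for illustration, and the regex matching is a heuristic rather than a full HTML parser.

```python
import re
from pathlib import Path

HEAD_CLOSE = re.compile(r"</head\s*>", re.I)
BODY_OPEN = re.compile(r"<body\b[^>]*>", re.I)
SCRIPT_TAG = re.compile(r"<script\b[^>]*>", re.I)
SRC_ATTR = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)

# Constructed sample pages (not taken from any real site).
CLEAN = """<html>
<head>
<script src="/js/site.js"></script>
</head>
<body>
<p>Hello</p>
</body>
</html>
"""
INJECTED = '<script src="http://injected.example/x.js"></script>\n'
TAMPERED = CLEAN.replace("<body>", INJECTED + "<body>")


def scripts_between_head_and_body(html):
    """Return one finding per <script> tag found after </head> and before <body>."""
    head = HEAD_CLOSE.search(html)
    body = BODY_OPEN.search(html, head.end()) if head else None
    if body is None:
        return []  # no </head> ... <body> gap to inspect
    findings = []
    for tag in SCRIPT_TAG.finditer(html, head.end(), body.start()):
        src = SRC_ATTR.search(tag.group(0))
        findings.append({
            "line": html.count("\n", 0, tag.start()) + 1,
            "src": src.group(1) if src else None,  # None means an inline script
        })
    return findings


def scan_tree(root):
    """Map each .htm/.html file under root to its findings, skipping clean files."""
    report = {}
    for path in sorted(Path(root).rglob("*.htm*")):
        if path.is_file():
            text = path.read_text(encoding="utf-8", errors="replace")
            hits = scripts_between_head_and_body(text)
            if hits:
                report[str(path)] = hits
    return report
```

Calling `scan_tree` on a local copy of the web root lists only the files that need a closer look; scripts legitimately placed inside the head or body are not reported.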
