Monday, October 12, 2009

Show Me the Malware!

As part of Cyber Security Awareness Month, we're highlighting cyber security tips and features to help ensure you're taking the necessary steps to protect your computer, website, and personal information. For general cyber security tips, check out our online security educational series or visit To learn more about malware detection and site cleanup, visit the Webmaster Tools Help Center and Forum.

To help protect users against malware threats, Google has built automated scanners that detect malware on websites we've indexed. Pages that are identified as dangerous by these scanners are accompanied by warnings in Google search results, and browsers such as Google Chrome, Firefox, and Safari also use our data to show similar warnings to people attempting to visit suspicious sites.

While it is important to protect users, we also know that most of these sites are not intentionally distributing malware. We understand the frustration of webmasters whose sites have been compromised without their knowledge and who discover that their site has been flagged. We proactively offer help to these webmasters: we send email to site administrators when we encounter suspicious content, we provide a list of infected pages in Webmaster Tools, and we maintain a service that allows webmasters to notify us when they have cleaned their sites. Read more about this process in the previous post on this blog.

We're happy to announce that we've launched a feature that enables Google to provide even more detailed help to webmasters. Webmaster Tools now provides webmasters with samples of the malicious code that Google's automated scanners detected on their sites. These samples — which typically take the form of injected HTML tags, JavaScript, or embedded Flash files — are available in the "Malware details" Labs feature in Webmaster Tools. (
UPDATE: The 'Malware details' feature graduated from Labs and is now part of the default Webmaster Tools interface. You can access it in the regular menu under 'Diagnostics'). Registered webmasters (registration is free) of infected sites do not need to specially enable the feature — they will find links to it on the Webmaster Tools dashboard. Webmasters will see a list of their pages that we found to be involved in malware distribution and samples of the malicious content that Google's scanners encountered on each infected page. In certain situations we can identify the underlying cause of the malicious code, and we'll provide these details when possible. We hope that the additional information will assist webmasters and help prevent their visitors from being exposed to malware.

Malware details for your site

Malware details for a particular page

While we're excited to offer this feature, we caution webmasters to use the tool only as a starting point in their site clean-up process. Google's scanners may not be able to provide malware samples in all cases, and the malware samples may not be a complete list of all the malware on the page. More importantly, we advise against simply removing the examples that are displayed in Webmaster Tools. If the underlying vulnerability is not identified and patched, it is likely that the site will be compromised again.

In addition to helping the webmasters of sites with malware warnings, this new detail is also designed to promote the general health of the web. In some cases, our automatic scanners find questionable content on a site but do not have enough data to add it to the malware list. The new "Malware details" feature will highlight these instances to webmasters early on to help them identify and address security vulnerabilities more quickly.

We hope you never have cause to use this feature, but if you do, it should help you quickly purge malware from your site and help protect its visitors. We plan to improve our algorithms in the upcoming months to provide even greater coverage, more accurate vulnerability identification, and faster delivery to webmasters.

No comments:

Post a Comment