Feeds

Google malware watchdogs bite mom-and-pop shops

But not MySpace

Next gen security for virtualised datacentres

The Internet is Large

A Google spokeswoman says the company uses an objective set of criteria to label potentially harmful sites that is applied to equally large and small sites.

"Clearly, the Internet is very large and we cannot constantly monitor all sites," she says. "We select a daily subset of the Internet to investigate." She declined to say whether MySpace, PhotoBucket, FaceBook or other large sites known to have served tainted ads has ever been flagged, citing a policy of not discussing individual sites.

She also said company representatives send email to several addresses associated with the site being flagged so webmasters will know of the malware warning as soon as possible. She added that a feature known as Google Webmaster Tools provides a list of specific URLs to help site operators pinpoint the source of the problem. She also acknowledged that Google security watchdogs are still hammering out their policy for malware delivered via banners.

"Malicious content delivered by ad networks is a relatively new threat, and we are looking at different approaches to help site owners with this issue while protecting our users," she says.

That's little comfort for people like Raymond Theakston, operator of Befuddle.co.uk, a site that offers pictures of Britney Spears and other celebrities as they are spotted drinking alcohol, often to excess.

On September 12, Google sent him an email that said some pages of his site "can cause users to be infected with malicious software." The email pointed to three offending URLs, and Theakston says he has scoured their html for iframes or other scripts that attackers could have added without his knowledge. When he came up empty-handed, he dumped the ad network he had been using for years and removed a statistics counter that someone told him might be suspect.

He is awaiting a rescan of his site, and if it comes up clean, Google says it will remove the warning. But after 10 days of being branded a parasite, Theakston says the damage has been done.

The site averaged 1,648 unique visitors per day during the first week of September, but a week after the Google warning began, unique visitors dropped to an average of 619.

"Traffic has gone down a lot," says Theakston, who lives in Leeds and by day works as a senior tester for a large telecommunications company. "Fortunately, I don't rely on the site for revenue anymore."

A Free Pass For MySpace?

Google's claims of impartiality notwithstanding, several malware specialists say they have a hard time believing web destinations generating millions of dollars in revenue would tolerate the treatment Google metes out on smaller sites.

"I'm sure they have an exclusion in there for sites like MySpace," says Eric Sites, a researcher at security provider Sunbelt-Software.

He notes that ad-driven malware is especially hard to catch because banners are frequently programmed to unload toxic payloads only in certain timezones during certain hours. Add to that the highly decentralized nature of affiliate advertising - in which one network hands banners off to another network, which in turn distributes them through a third - and even Google, which seems to have eyes everywhere, may be unable to track offenders competently.

"I think the Google process is actually flawed," says Thompson, the Exploit Prevention Labs researcher who, having watched several small sites struggle to undo the stigma that's resulted from Google's warning, says he sympathizes with the operators.

"This poor guy got nailed through no fault of his own, and now he's tainted," Thompson says. "Arguably, this guy was never infected in the first place. He was just unfortunate enough to have a bad banner ad. That can happen to FaceBook, and it can happen to anyone." ®

If you've had experiences with Google malware watchdogs or have other security-related intelligence, please share them with this reporter by using this link. Confidentiality assured.

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.