Google malware watchdogs bite mom-and-pop shops

But not MySpace

The Internet is Large

A Google spokeswoman says the company uses an objective set of criteria to label potentially harmful sites, and that the criteria are applied equally to large and small sites.

"Clearly, the Internet is very large and we cannot constantly monitor all sites," she says. "We select a daily subset of the Internet to investigate." She declined to say whether MySpace, Photobucket, Facebook or other large sites known to have served tainted ads have ever been flagged, citing a policy of not discussing individual sites.

She also said company representatives send email to several addresses associated with the site being flagged so webmasters will know of the malware warning as soon as possible. She added that a feature known as Google Webmaster Tools provides a list of specific URLs to help site operators pinpoint the source of the problem. She also acknowledged that Google security watchdogs are still hammering out their policy for malware delivered via banners.

"Malicious content delivered by ad networks is a relatively new threat, and we are looking at different approaches to help site owners with this issue while protecting our users," she says.

That's little comfort for people like Raymond Theakston, operator of Befuddle.co.uk, a site that offers pictures of Britney Spears and other celebrities as they are spotted drinking alcohol, often to excess.

On September 12, Google sent him an email that said some pages of his site "can cause users to be infected with malicious software." The email pointed to three offending URLs, and Theakston says he has scoured their HTML for iframes or other scripts that attackers could have added without his knowledge. When he came up empty-handed, he dumped the ad network he had been using for years and removed a statistics counter that someone told him might be suspect.

He is awaiting a rescan of his site, and if it comes up clean, Google says it will remove the warning. But after 10 days of being branded a parasite, Theakston says the damage has been done.

The site averaged 1,648 unique visitors per day during the first week of September, but a week after the Google warning began, unique visitors dropped to an average of 619.

"Traffic has gone down a lot," says Theakston, who lives in Leeds and by day works as a senior tester for a large telecommunications company. "Fortunately, I don't rely on the site for revenue anymore."

A Free Pass For MySpace?

Google's claims of impartiality notwithstanding, several malware specialists say they have a hard time believing web destinations generating millions of dollars in revenue would tolerate the treatment Google metes out on smaller sites.

"I'm sure they have an exclusion in there for sites like MySpace," says Eric Sites, a researcher at security provider Sunbelt-Software.

He notes that ad-driven malware is especially hard to catch because banners are frequently programmed to unload toxic payloads only in certain timezones during certain hours. Add to that the highly decentralized nature of affiliate advertising - in which one network hands banners off to another network, which in turn distributes them through a third - and even Google, which seems to have eyes everywhere, may be unable to track offenders competently.

"I think the Google process is actually flawed," says Thompson, the Exploit Prevention Labs researcher who, having watched several small sites struggle to undo the stigma that's resulted from Google's warning, says he sympathizes with the operators.

"This poor guy got nailed through no fault of his own, and now he's tainted," Thompson says. "Arguably, this guy was never infected in the first place. He was just unfortunate enough to have a bad banner ad. That can happen to FaceBook, and it can happen to anyone." ®

If you've had experiences with Google malware watchdogs or have other security-related intelligence, please share them with this reporter by using this link. Confidentiality assured.
