Wrestling With Malware, Google Launches Security Blog - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

07:42 PM
Connect Directly

Wrestling With Malware, Google Launches Security Blog

Google said it began tackling online security in a public manner last year.

In a continuation of its year-old effort to make the Web more secure, Google today launched an online security blog to keep Internet users informed about security threats. It makes no mention, however, of Google's ongoing vulnerability to redirection exploits.

The initial post by Panayiotis Mavrommatis and Niels Provos of Google's Anti-Malware Team attempts to clarify misinterpretation of the company's own study about the prevalence of malware online.

"Unfortunately, the scope of the problem has recently been somewhat misreported to suggest that one in 10 Web sites are potentially malicious," explained Mavrommatis and Provos. "To clarify, a sample-based analysis puts the fraction of malicious pages at roughly 0.1%."

While Google may be glad to set the record straight that only about one in 1,000 Web sites are potentially malicious, it says something about the state of online security that some simply accepted the 1-in-10 figure.

Google began tackling online security in a public manner last year. In January 2006, Google was among the companies that sponsored the launch of StopBadware.org, a site conceived to fill the role of a neighborhood watch group on the Internet.

The insecurity of search came to the fore last May when a McAfee SiteAdvisor report found that search engines regularly returned risky sites when queried using popular keywords. Shortly before that report appeared, Google made an arguably long-overdue addition to its Webmaster Quality Guidelines: "Don't create pages that install viruses, Trojans, or other badware."

Three months ago in February, Google started to flag suspect search result links with the message, "This site may harm your computer." The company also disabled the links on flagged results, preventing users from visiting those sites unless they copied the URL and pasted it directly into their browser address bar.

That same month, Google also added a notification for owners of flagged sites to help those with good intentions identify and mitigate any malware they might be hosting.

While Google's efforts may provide some comfort to its users, cyberthieves appear to be unimpressed. Since last year, Google has been dealing with URL redirection exploits that allow phishers to disguise malicious URLs to look like Google links. While the company has closed some holes, others apparently remain.

"We're aware of the issue and working on a fix," said a Google spokesperson.

Indeed, Google has "started an effort to identify all Web pages on the Internet that could potentially be malicious," according to a security paper published by several Google engineers, Mavrommatis and Provos among them.

Even so, not everyone believes Google is moving fast enough. Writing about an exploit that Google closed in February, Robert Hansen, CEO of security consultancy SecTheory and the maintainer of ha.ckers.org under the name RSnake, said, "Google is riddled with these holes and they are incredibly easy to find."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Remote Work Tops SF, NYC for Most High-Paying Job Openings
Jessica Davis, Senior Editor, Enterprise Apps,  7/20/2021
Blockchain Gets Real Across Industries
Lisa Morgan, Freelance Writer,  7/22/2021
Seeking a Competitive Edge vs. Chasing Savings in the Cloud
Joao-Pierre S. Ruth, Senior Writer,  7/19/2021
Register for InformationWeek Newsletters
Current Issue
Monitoring Critical Cloud Workloads Report
In this report, our experts will discuss how to advance your ability to monitor critical workloads as they move about the various cloud platforms in your company.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll