Google is making a significant change in the way that it handles legitimate sites that have been compromised and are serving up malware. The search giant announced Monday that it will now provide webmasters with specific examples of the malicious code that was used to compromise their sites.
For some time now Google’s scanners have been identifying malicious sites and subsequently flagging them as dangerous when they appear in users’ search results. This is a valuable service from Google and has been a boon to users who might otherwise have stumbled blindly into a malicious site. It’s been especially valuable in identifying legitimate sites that have been compromised as part of the mass SQL injection attacks that have taken place in the last year or so.
These sites comprise a large portion of the sites serving malware right now, as much as 77 percent, according to a recent report by Websense. But it’s been difficult for the administrators of those compromised sites to figure out how their sites were attacked and what went wrong. Now, with Google giving webmasters samples of malicious code, they will have a clearer picture of where their sites are vulnerable.
The details will be part of the Labs feature in Google’s Webmaster Tools offering, and will give administrators a quick snapshot of which pages are compromised and what the actual malicious code looks like.
Registered webmasters (registration is free) of infected sites do not need to specially enable the feature — they will find links to it on the Webmaster Tools dashboard. Webmasters will see a list of their pages that we found to be involved in malware distribution and samples of the malicious content that Google’s scanners encountered on each infected page. In certain situations we can identify the underlying cause of the malicious code, and we’ll provide these details when possible. We hope that the additional information will assist webmasters and help prevent their visitors from being exposed to malware.
This notification isn’t meant to serve as a replacement for a full investigation and recovery effort, but rather as a starting point.