Google Online Security Blog: October 2009

Include Form Remove Scripts Session Cookies

Security Blog

The latest news and insights from Google on security and safety on the Internet

Do machines dream of electric malware?

October 29, 2009

Posted by: Oliver Fisher, Anti-Malware Teamanti-malware processesshowing snippets of the malicious code we findWebmaster Toolstips for finding hidden malware and cleaning up websitesWebmaster Central BlogWebmaster Toolsseveral administrative email addressesWebmaster Tools
We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users who visit these pages by clicking a search result on Google.com.
...
We strongly encourage you to investigate this immediately to protect your visitors. Although some sites intentionally distribute malicious software, in many cases the webmaster is unaware because:
1) the site was compromised
2) the site doesn't monitor for malicious user-contributed content
3) the site displays content from an ad network that has a malicious advertiser

If your site was compromised, it's important to not only remove the malicious (and usually hidden) content from your pages, but to also identify and fix the vulnerability. We suggest contacting your hosting provider if you are unsure of how to proceed. StopBadware also has a resource page for securing compromised sites: http://www.stopbadware.org/home/security Once you've secured your site, you can request that the warning be removed by visiting http://www.google.com/support/webmasters/bin/answer.py?answer=45432 and requesting a review. If your site is no longer harmful to users, we will remove the warning.
Webmaster Toolsprotect our advertising networkstheir experiences with deceptive display ads

Google

Best Practices for Verifying and Cleaning up a Compromised Site

October 22, 2009

Written by Panayiotis Mavrommatis, Security Team As part of Cyber Security Awareness Month, Google's Anti-Malware Team is publishing a series of educational blog posts inspired by questions we've received from users. October is a great time to brush up on cyber security tips and ensure you're taking the necessary steps to protect your computer, website, and personal information. For general cyber security tips, check out our online security educational series or visit http://www.staysafeonline.org/. To learn more about malware detection and site cleanup, visit the Webmaster Tools Help Center and Forum.last post1) Verify Your Site with Google Webmaster Tools
added and verified your site's ownershipsamples of the malicious code2) If Your Site Has Been Compromised, Perform a Comprehensive Cleanup
pages listed in Webmaster ToolsRemember to Check Your Web Server Configuration
Deleted & Error Pages: Dark Corners of Your Website Where Malware May Be Lurking
similar problems3) If You Switch Hosting Providers, Disable Access to the Old Version of Your Site
Webmaster ForumBadwareBusters

Google

Protecting Users and Ads from Malware

October 16, 2009

Posted by Eric Davis, Head of Anti-Malvertisingour online security educational serieshttp://www.staysafeonline.org/What is "Malvertising?"Anti-Malvertising.compublishersad operations teamsInternet usersTips for Web Publishers: Know Who You're Working With, Perform Comprehensive QA, & Have a Plan in Placecustom search enginemalvertising research enginehttp://www.anti-malvertising.com/tips-for-publishers

Pay close attention to all agencies and advertisers with whom you work.

Perform due diligence by thoroughly checking prospective partners' references and credentials.

Perform comprehensive QA on all ad creatives.

Protect your own computer and website from infection.

Be aware that various ad networks and exchanges may have significantly different standards for the prevention and detection of malware. No automatic detection system, however robust, can substitute for your own vigilance. However, we strongly advise against exposing your site to harm by using networks or exchanges without strong anti-malware security measures in place.

Ensure your Ad Operations team has an incident response plan in place (for guidance, visit http://www.anti-malvertising.com/tips-for-ad-operations).

Tips for Users: Protect Your Computer, Update Regularly, and Avoid Getting Tricked

Make sure your browser, operating system, software and plugins are all updated regularly (enable auto-updates when possible).

Be aware that malware can be disguised as antivirus/antispyware software in order to trick people into buying or downloading it. Fake (and harmful) software of this kind is known in the web security community as "rogue security software." How to avoid getting tricked? Always research a company's reputation before downloading its software or visiting its website, and be wary of unexpected warnings from products you haven't installed yourself. You can view a list of some legitimate free security scans at http://www.staysafeonline.org/content/free-security-check-ups.

Exercise caution whenever you're prompted to download an email attachment, follow an instant message link, install a plug-in, or download an unfamiliar piece of software.

Protecting the Free Availability of Online Content

Google

Show Me the Malware!

October 12, 2009

written by Lucas Ballard, on behalf of the Anti-Malware, Anti-Malvertising, and Webmaster Tools teams

As part of Cyber Security Awareness Month, we're highlighting cyber security tips and features to help ensure you're taking the necessary steps to protect your computer, website, and personal information. For general cyber security tips, check out our online security educational series or visit http://www.staysafeonline.org/. To learn more about malware detection and site cleanup, visit the Webmaster Tools Help Center and Forum.

To help protect users against malware threats, Google has built automated scanners that detect malware on websites we've indexed. Pages that are identified as dangerous by these scanners are accompanied by warnings in Google search results, and browsers such as Google Chrome, Firefox, and Safari also use our data to show similar warnings to people attempting to visit suspicious sites.

While it is important to protect users, we also know that most of these sites are not intentionally distributing malware. We understand the frustration of webmasters whose sites have been compromised without their knowledge and who discover that their site has been flagged. We proactively offer help to these webmasters: we send email to site administrators when we encounter suspicious content, we provide a list of infected pages in Webmaster Tools, and we maintain a service that allows webmasters to notify us when they have cleaned their sites. Read more about this process in the previous post on this blog.

We're happy to announce that we've launched a feature that enables Google to provide even more detailed help to webmasters. Webmaster Tools now provides webmasters with samples of the malicious code that Google's automated scanners detected on their sites. These samples — which typically take the form of injected HTML tags, JavaScript, or embedded Flash files — are available in the "Malware details" Labs feature in Webmaster Tools. (UPDATE:

Malware details for your site

Malware details for a particular page

Google

The Malware Warning Review Process

October 9, 2009

written by Lucas Ballard and Ke Wang, Anti-Malware TeamAs part of Cyber Security Awareness Month, Google's Anti-Malware Team is publishing a series of educational blog posts inspired by questions we've received from users. October is a great time to brush up on cyber security tips and ensure you're taking the necessary steps to protect your computer, website, and personal information. For general cyber security tips, check out our online security educational series or visit http://www.staysafeonline.org/. To learn more about malware detection and site cleanup, visit the Webmaster Tools Help Center and Forum.tool to file a reviewPart 1: The webmaster's job:stopbadware.org/home/securityIndex Reinclusion request

From the Tool's home page click on the link to the site that is being flagged. This will bring you to the site's Dashboard.

There should be a large red banner across the top of the dashboard that says "This site may be distributing malware." Clicking on the link that says "More Details" expands the dashboard to reveal a list of pages on the site that were found to be malicious.

Below this list is a link that says "Request a review." A webmaster can fill out this form and click the "Request a review" button to initiate the review process.