June 18, 2007

Phishers and Malware authors beware!

Posted by Brian Rakowski and Garrett Casto, Anti-Phishing and Anti-Malware Teams

OK, so it might be a little early to declare victory, but we're excited about the Safe Browsing API we launched today. It provides a simple mechanism for downloading Google's lists of suspected phishing and malware URLs, so now any developer can access the blacklists used in products such as Firefox and Google Desktop.

The API is still experimental, but we hope it will be useful to ISPs, web-hosting companies, and anyone building a site or an application that publishes or transmits user-generated links. Sign up for a key and let us know how we can make the API better. We fully expect to iterate on the design and improve the data behind the API, and we'll be paying close attention to your feedback as we do that. We look forward to hearing your thoughts.

10 comments:

  1. GabosgabJune 19, 2007 at 7:19 PM

    Is there any possibility there could be a test page where users could copy/paste a URL and determine if it was on the blacklist? Kindof like a hello world for the API?

    ReplyDelete
  2. AOwLJune 20, 2007 at 4:17 PM

    You can also use Vengine to avoid Phishing sites.
    http://www.vengine.com/

    ReplyDelete
  3. simeJune 20, 2007 at 10:34 PM

    So this could spawn the server side checking of attacks URLs.

    1. A Proxy server could blacklist sites from the Safe Browsing API.
    2. Along side virus definitions, mail scanners can omit phising based E-Mails.

    Cool!

    ReplyDelete
  4. shah jeeJuly 7, 2007 at 4:07 AM

    This comment has been removed by a blog administrator.

    ReplyDelete
  5. phritzJuly 11, 2007 at 2:30 PM

    This comment has been removed by a blog administrator.

    ReplyDelete
  6. julhoAugust 27, 2007 at 1:31 PM

    This comment has been removed by a blog administrator.

    ReplyDelete
  7. julhoAugust 27, 2007 at 1:31 PM

    This comment has been removed by a blog administrator.

    ReplyDelete
  8. TimSeptember 10, 2007 at 11:58 PM

    Could you please add Quechup.com to this list, this is an aggressive and deceptive spamming organisation.

    ReplyDelete
  9. UnknownJuly 10, 2008 at 8:26 PM

    This list should be treated like any other blacklist on the Internet today. With that said.

    1. Does the list get automatically downloaded to a server in order to keep it up-to-date?

    2. How can someone get their site taken off of the list after it is determined that they are not hosting malware (or previously were but are not any longer)?

    3. Are there any possible negative legal implications for Google based on them accidentally causing a site to be blacklisted that shouldn't be? Perhaps the software agreement expresses that the user of the list is liable for its proper verification. Something to look into.

    http://www.MBridge.com

    ReplyDelete
  10. dennyhalim.comNovember 19, 2008 at 4:44 AM

    it'll be great if there's a downloadable list for squid/squidguard/dansguardian

    ReplyDelete

You are welcome to contribute comments, but they should be relevant to the conversation. We reserve the right to remove off-topic remarks in the interest of keeping the conversation focused and engaging. Shameless self-promotion is well, shameless, and will get canned.

Note: Only a member of this blog may post a comment.