As part of Cyber Security Awareness Month, we're highlighting cyber security tips and features to help ensure you're taking the necessary steps to protect your computer, website, and personal information. For general cyber security tips, check out our online security educational series or visit http://www.staysafeonline.org/. To learn more about malware detection and site cleanup, visit the Webmaster Tools Help Center and Forum.
To help protect users against malware threats, Google has built automated scanners that detect malware on websites we've indexed. Pages that are identified as dangerous by these scanners are accompanied by warnings in Google search results, and browsers such as Google Chrome, Firefox, and Safari also use our data to show similar warnings to people attempting to visit suspicious sites.
While it is important to protect users, we also know that most of these sites are not intentionally distributing malware. We understand the frustration of webmasters whose sites have been compromised without their knowledge and who discover that their site has been flagged. We proactively offer help to these webmasters: we send email to site administrators when we encounter suspicious content, we provide a list of infected pages in Webmaster Tools, and we maintain a service that allows webmasters to notify us when they have cleaned their sites. Read more about this process in the previous post on this blog.
We're happy to announce that we've launched a feature that enables Google to provide even more detailed help to webmasters. Webmaster Tools now provides webmasters with samples of the malicious code that Google's automated scanners detected on their sites. These samples — which typically take the form of injected HTML tags, JavaScript, or embedded Flash files — are available in the "Malware details" Labs feature in Webmaster Tools. (UPDATE: The 'Malware details' feature graduated from Labs and is now part of the default Webmaster Tools interface. You can access it in the regular menu under 'Diagnostics'). Registered webmasters (registration is free) of infected sites do not need to specially enable the feature — they will find links to it on the Webmaster Tools dashboard. Webmasters will see a list of their pages that we found to be involved in malware distribution and samples of the malicious content that Google's scanners encountered on each infected page. In certain situations we can identify the underlying cause of the malicious code, and we'll provide these details when possible. We hope that the additional information will assist webmasters and help prevent their visitors from being exposed to malware.
Malware details for your site
Malware details for a particular page
While we're excited to offer this feature, we caution webmasters to use the tool only as a starting point in their site clean-up process. Google's scanners may not be able to provide malware samples in all cases, and the malware samples may not be a complete list of all the malware on the page. More importantly, we advise against simply removing the examples that are displayed in Webmaster Tools. If the underlying vulnerability is not identified and patched, it is likely that the site will be compromised again.
In addition to helping the webmasters of sites with malware warnings, this new detail is also designed to promote the general health of the web. In some cases, our automatic scanners find questionable content on a site but do not have enough data to add it to the malware list. The new "Malware details" feature will highlight these instances to webmasters early on to help them identify and address security vulnerabilities more quickly.
We hope you never have cause to use this feature, but if you do, it should help you quickly purge malware from your site and help protect its visitors. We plan to improve our algorithms in the upcoming months to provide even greater coverage, more accurate vulnerability identification, and faster delivery to webmasters.
this feature is really cool.
ReplyDeleteHehe ... I've never been into the business of hailing everything that Google does, but this new feature is really great. You have been listening to webmasters for once ;-)
ReplyDelete-luzie-
My God... it's a nice idea. But there are some sites, that I ABSOLUTLY NEED TO GET INTO, and it says I can continue at my own risk, but where is that button? WTF do I continue?
ReplyDeleteGoogle needs to add the option to continue to that page at your own risk. Otherwise they are BLOCKING access to websites that are NOT hosted on their propery network.
You need to let people make their own decisions. YES i like the page popping up telling me the page is distributing malware. BUT give me a button that says "Continue Anyway" if I wanna go in.
Your not my boss, I don't work for you. DO NOT PRESUME YOU CAN TELL ME WHAT TO DO!!!
Great feature, This new feature will be very useful for those webmaster whose websites are infected and they have no idea which page is infected.
ReplyDeleteIs this feature already available ? If not, when is it going to be available ? My pc is badly infected by Malware and I had to spent $50.00 yesterday to get em removed. Love you google.
ReplyDeleteWeb Design Firm
Great Tool.. You have reduced the job of webmasters...
ReplyDeleteWe would like to offer a free security vulnerability to these affected websites. Any suggestions how we can learn about these sites as they are discovered?
ReplyDeleteYou can email us at info - websafeshield.com .
This looks like a great feature!
ReplyDeleteAs the Manager of Incident Response at BrandProtect, my team handles several thousand phishing and malware takedowns per year, and I would love to know if there is a comprehensive list of this type of sites available.
Yet another great feature from Google.
I get the red warning when I try to access www.google.com. Any suggestions?
ReplyDeleteUseful tool from Google. Thanks guys!
ReplyDeleteThanks for the great tool addition. Stay protected!
ReplyDeleteAdd a regex that matches the found malicious string and cleanup can be trivialized.
ReplyDeleteI like it, and it does make sense, but I know of many webmasters who have had their sites falsely flagges as having malware, but then they still have a difficult time getting that label removed, because they did not change anything (because they did not need to!). The intent is there, but the execution is not always up to snuff.
ReplyDeleteIt is very nice concept. And I can say that it is one of the best tools of google.
ReplyDelete--------------------
ClickSSL.com
The feature sounds like emphasizing how Google is going to beat other competitors in future.
ReplyDeleteGood for you for trying to keep the internet free from the bugs. Those countrys will try to do wharever it takes to keep tabs on anyone that they think is a threat. We all know it is there gov that is doing it why don't people just come out and say it?
ReplyDeleteI cannot find this tool!
ReplyDeleteWhre is it?
I only have
Fetch as Googlebot
Sidewiki
Site performance
Please help!
What happens when Google detects something as malware, but isn't actually malware? Is there software that can detect the same malware signatures that Google detects?
ReplyDeleteGreat!
ReplyDeleteIt's very useful for security officers ... in fact for all!!!
Thanks. Im happy with Google services and Blogger. Gracias. estoy contento con los servicios de Google y Blogger.
ReplyDeleteThe tool is no longer in Labs section of webmaster tools.
ReplyDeleteI received a warning of malware, but I do not get any details about what the problem is, which is fifferent than what is shown on this page regarding Malware detals.
Hi Bruce,
ReplyDeleteThe 'Malware Details' feature graduated from Labs and is now part of the default Webmaster Tools interface. You can access it in the regular menu under 'Diagnostics'