September 28, 2010

Safe Browsing Alerts for Network Administrators



Google has been working hard to protect its users from malicious web pages, and also to help webmasters keep their websites clean. When we find malicious content on websites, we attempt to notify their webmasters via email about the bad URLs. There is even a Webmaster Tools feature that helps webmasters identify specific malicious content that has been surreptitiously added to their sites, so that they can clean up their site and help prevent it from being compromised in the future.

Today, we’re happy to announce Google Safe Browsing Alerts for Network Administrators -- an experimental tool which allows Autonomous System (AS) owners to receive early notifications for malicious content found on their networks. A single network or ISP can host hundreds or thousands of different websites. Although network administrators may not be responsible for running the websites themselves, they have an interest in the quality of the content being hosted on their networks. We’re hoping that with this additional level of information, administrators can help make the Internet safer by working with webmasters to remove malicious content and fix security vulnerabilities.

To get started, visit safebrowsingalerts.googlelabs.com.

15 comments:

  1. Is there some information with more details? I visit the startbrowsingalerts.googlelabs.com but don't know what to do next.

    ReplyDelete
  2. Readers may be interested in our research on Malware Alerts. We presented this research at the past Black Hat USA and DefCon 18:

    http://www.slideshare.net/rob.ragan/lord-of-the-bing-black-hat-usa-2010

    More information at the project page:

    http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/

    ReplyDelete
  3. Nice service. Unfortunately at the moment I am not able to register AS which is assigned by RIPE (resolved as ASN-BLKRIPEX) although the detailed information is present in the RIPE whois. Hopefully it will be resolved soon.

    ReplyDelete
  4. looks very useful but there are a lot of little isp which do not own an AS and host some hundred of web pages (because they just have rent a couple of servers in any datacenter) that would like to get this kind of alerts. Would be good to have this tool also available per given ip addresses

    ReplyDelete
  5. Would be nice if Google additionally offered mediums of counsel to high profile webmasters so their s- doesn't simply get shut down.

    ReplyDelete
  6. Individual webmasters, even those with hundreds of domains, should use the existing e-mail alerts. Doing it via IP would be a problem for shared hosting providers, who may have hundreds to thousands of unrelated domains on 1 IP.

    ReplyDelete
  7. It would be really great if we could sign up for these alerts without using a Google account (e.g. just using the abuse handle for our AS). Personal Google accounts are tied to employees, who may not be affiliated with the AS's abuse desk forever.

    ReplyDelete
  8. Brent: Yet, Google, has, twice now, listed a whole bunch of our client domains because of one false positive issue with one domain, because they're hosted on the same IP. So Google is clearly doing some part of this on an IP address basis. Maybe cross checking for other FQDNs hosted on the same IP address.

    ReplyDelete
  9. Yes, we notice the information missing problem for some RIPE ASNs, and made an improvement to our system. It is much better retrieving the AS information now. Please login and try again.

    Thank you for using this tool and the comments.

    ReplyDelete
  10. Glad this had gone public. We have been using this for a few weeks and are loving it. It is great for ISPs!

    ReplyDelete
  11. great, but how do you register an AS. your link takes me to an uninformative page that states:


    Messages
    You have no recent notification emails. Once you add and verify an AS, notifications will be sent over email and appear here.

    ReplyDelete
  12. I received an email. The address was my Cousins email Address.But it had no name of the sender. The address was same but the only difference was The original Emails i received from my cousin had his name in it and the fake one had only the same email address but no name of sender or any signature. How can this happen?
    What has happened in this situation?

    ReplyDelete
  13. This is a great tool! What about a feature to alert administrators of network blocks that have been SWIP'd to them but don't operate an AS?

    ReplyDelete
  14. The RIPE data you're using are VERY outdated - so I can't receive the confirmation email because the email address you're using is not valid since many years

    ReplyDelete

You are welcome to contribute comments, but they should be relevant to the conversation. We reserve the right to remove off-topic remarks in the interest of keeping the conversation focused and engaging. Shameless self-promotion is well, shameless, and will get canned.

Note: Only a member of this blog may post a comment.