Over the past few months, Google’s systems have detected a number of bulk subdomain providers becoming targets of abuse by malware distributors. Bulk subdomain providers register a domain name, like example.com, and then sell subdomains of this domain name, like subdomain.example.com. Subdomains are often registered by the thousands at one time and are used to distribute malware and fake anti-virus products on the web. In some cases our malware scanners have found more than 50,000 malware domains from a single bulk provider.
Google’s automated malware scanning systems detect sites that distribute malware. To help protect users we recently modified those systems to identify bulk subdomain services which are being abused. In some severe cases our systems may now flag the whole bulk domain.
We offer many services to webmasters to help them fight abuse, such as:
- Webmaster Tools lets webmasters find examples of URLs under their domains that may be distributing malware.
- Google Safe Browsing Alerts for Network Administrators allows owners of Autonomous Systems to get notifications for hosts that are involved in malware delivery.