Niels Provos of Google’s Security Team published a new post today on the Google Online Security Blog, detailing the actions the company will be taking in order to reduce the presence of hacked sites and harmful malware visible within search results.
The biggest shock from the post is in the third bullet point, where Provos explains the true scope of hacked sites online. According to Provos, up to 14 million Google search queries per day return at least one result carrying a warning from Google that the site may have been hacked and is therefore compromised.
Hacked, Harmful and Compromised
When you see any of these terms in a warning from Google, you’ll probably avoid visiting the site in question. That’s only a necessary precaution if the site is labeled as “harmful,” however, since this indicates that visiting the site could infect your computer with malware. Sites that are merely labeled as “compromised” have had their content and/or links tampered with, but shouldn’t actually affect your computer.
When Google detects that a site has been compromised, it warns the site owner as well as the users who reach the site through search. Google says that it detects approximately 9,500 new harmful sites every day, with only a “handful of false positives.” As soon as a site proves that it has “been cleaned up,” Google lifts the warning message from its search results. Google recommends that site owners sign up for Webmaster Tools in order to facilitate fast communication in these matters.
Download and ISP Warnings
Flagging sites in search results is only one action that Google is taking to prevent malware. The post indicates that the company sends approximately 300,000 download warnings to users of its Chrome browser through the Safe Browsing feature, which also protects against “drive-by malware” and phishing schemes. Google also offers similar protection to Firefox and Safari users through its Safe Browsing API.
Google also claims to send thousands of notifications every day to Internet Service Providers and computer emergency response teams (CERTs) whose networks are suspected to be compromised. Google invites all network administrators to register their autonomous systems (AS) for alerts and notifications.