|
| Top
Security News |
'I Love You' Marks Seventh Anniversary
The Love Letter virus that used a Visual Basic script to infect millions of machines and caused billions in damages in 2000 marked a turning point in...
PayPal, EBay Phishes Continue Swimming
PhishTank, a community project by OpenDNS to identify phishing threats, found PayPal and eBay atop its list of top ten targets for April 2007. The PhishTank site site serves as a community focused way of dealing...
Security Turns On A Friendly Card
.
Innovative Card Technologies has made deals with VeriSign and Actividentity that should spur its smart card technology into the pockets of consumers. The age of the single factor authentication for ATM or...
Phishers Could Trawl With Pre-Phishing Attacks
If a pre-phishing attack works, it gives up a couple of pieces of information to the attacker: a username and password combo for a 'non-critical' website, and and the fact the recipient might be credulous enough to...
If It Acts Like Malware...
Then it definitely is not an improvement and should be avoided by everyone who needs to use their PC. We are testing some RSS readers; web 2.0 based RSS readers and ran across a reader that has a number of interesting side effects. I will not name the...
Storm Worm Storms Back
ZIP files in password protected email bodies have replaced EXE files as the payload of choice for delivering Storm worm files to unsuspecting users. Storm worm downloads have been flying around the Internet...
|
|
|
|
The threat of malicious websites hosting exploits has reached a point where Google's engineers have decided to respond with a security analysis of the pages they index.
For websites that contain malware through no active fault of the webmaster, or sites that do not properly sanitize user contributed content, the ultimate Internet penalty could be imposed on them - a Google advisory that the site found in a search is unsafe.
That could effectively destroy traffic to a site that has been hacked or designed poorly. Nick Carr calls Google's security aims a plan to police the Web.
"If the plan goes forward, Google will use new software to automatically identify compromised web pages in its database and label them as "potentially harmful" in its search results," he said in a blog post.
Google's internal analysis, seen in their PDF report on malware delivered through regular websites, found hundreds of thousands of web pages that either launch drive-by downloads of malicious or suspicious software.
The search company plans to fight back with a heuristic look at the pages they index.
Carr thinks the stakes are high for webmasters and designers.
However, Google's Matt Cutts took issue with Carr's headline about Google policing the web, and described it as inaccurate.
"Almost exactly a year ago, Google and other search engines were raked over the coals for exactly the opposite reason: allowing users to get infected with malware from search engine results," said Cutts.
He noted that Google users liked the malware protection the search site his already deployed, which serves up an interstitial warning to someone about to visit a potential malware site.
"Certainly compared to other search engines I think we provide more notice to users about potential malware urls, and we provide more info to webmasters about potentially hacked urls," said Cutts. "So I think Google's response to this issue balances the needs of users and webmasters pretty well."
It all comes back to botnets, and the widespread infestation of bots in computers worldwide.
That spread has been partly due to the drive-by nature of infections cited by Google's Niels Provos, one of the people who conducted Google's security study.
He observed how bots have been victimizing casual visitors of websites hosting that malware.
With the ability to silently install, and in some cases deactivate the security software in place that could stop it, bots are a primary threat to Google.
They could cause people to mistrust Google's search results, and the search company does not want that to happen.
About
the Author:
David Utter is a technology writer for SecurityProNews, WebProNews, and InternetFinancialNews.
|
|
,
Inc. 2549 Richmond Rd. Lexington KY, 40509
