iEntry 10th Anniversary RSS Archive

IT Management Begins With Security
SecurityProNews > Insider Reports > Insider > Google Touts Malware Fight, Skips Real Question
Search:
[ insider_reports_insider ]

Google Touts Malware Fight, Skips Real Question



David Utter
Staff Writer
2008-04-18

SecurityProNews: Insider Reports Insider Reports RSS Feed


The ongoing battle against malware brought plenty of good guys to the fight, but Google's latest discussion of its role leaves out a key question.

Google Touts Malware Fight, Skips Real Question
Google Touts Malware Fight, Skips Real Question

Why is Google accepting lists of search results from websites, when those search results have been loaded with malicious SEO poisoning attacks?

The latest post from Google's Online Security blog discusses malware from a high-level view, and the steps Google takes to help limit its exposure in its search results.

"The conventional wisdom was that you could avoid malware by learning to spot sites that were created with the sole purpose of spreading it, and by staying away from other sites that might be risky," said Google's Panayiotis Mavrommatis.

"But recent research from Google suggests that an increasing number of malware attacks are taking place on sites you'd normally regard as safe or legitimate, but have actually been compromised."

No kidding. Major websites for Wal-Mart, USA Today, the Miami Herald, and others have all seen iframe injections happen, through the injection of malicious code through the search forms on their sites.

The search results for these queries end up going back to Google, where someone searching on Google for the topic of that query may encounter them and trigger an attack through the iframe. Google is working on cleaning up these results, but if they're being more proactive in detecting these unsanitized queries in the first place, before pulling them into their index, they aren't saying.

We hoped to see more about this on their Online Security blog. Today's tepid discussion of malware and prevention would have been improved by a little more disclosure about the SEO poisoning attacks.


About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.

More insider_reports_insider Articles

SecurityProNews: Insider Reports Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Contact Us | Advertise | Newsletter Archive | Sitemap | Submit an Article | News Feeds
SecurityProNews is an iEntry, Inc.® publication - $line) { echo $line ; } ?> All Rights Reserved | Privacy Policy and Legal		 Join the WebProWorld Forums: Click Here
Virus Warnings

Subscribe to
SecurityProNews FREE!


[ more newsletters ]

Featured On:
article resources
Search Articles:
[advanced search]

WebProWorld.com
Get in-touch with industry experts and leaders
Post your site for review by expert and peers
Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com

Titan Quest Forum
The #1 Titan Quest forum
Halo 3 Forum
The best Halo, Halo 2, Halo 3 forum
Nintendo Wii
Nintendo Wii news and views
Mac Software
The best in OS X freeware
Graphics Forum
Your source for graphic tutorials
SecurityProNews.com | Breaking eBusiness News Get Your IT Questions Answered - Click Here SecurityProNews News Feeds