In an effort to help owners of compromised Web sites find and remove hidden malware, Google is now offering a malware identification tool to Webmasters who have registered their sites with the company.

Thomas Claburn, Editor at Large, Enterprise Mobility

October 12, 2009

2 Min Read

Google has enabled an experimental feature in its Webmaster Tools to help Web site owners identify malware infections.

Google automatically scans for malware as its indexes Web pages and it provides warnings in Google search results when it detects software that it believes to be dangerous.

The company also provides its malware warnings to the users of browsers, such as Chrome, Firefox, and Safari, to protect people from sites believed to be malicious.

And when it finds malware, Google will e-mail site owners, advising them that it has found an infection.

But such warnings don't provide much detail about the problem.

Google aims to remedy that with the "Malware details" Labs feature in Webmaster Tools.

The Labs menu in the left hand column of the Webmaster Tools dashboard for each registered site includes a "Malware details" link, which presents a list of Web pages where Google found malware and samples of the malicious content.

In some cases, the tool will identify actual malicious code, even if obfuscated JavaScript, for example, isn't very easily interpreted. The point is to make remediation easier.

Google warns that its malware information isn't perfect and that Web site owners should use Google's information as a starting point.

"Google's scanners may not be able to provide malware samples in all cases, and the malware samples may not be a complete list of all the malware on the page," says Google engineer Lucas Ballard in a blog post. "More importantly, we advise against simply removing the examples that are displayed in Webmaster Tools. If the underlying vulnerability is not identified and patched, it is likely that the site will be compromised again."

InformationWeek has published an in-depth report on smartphone security. Download the report here (registration required).

About the Author(s)

Thomas Claburn

Editor at Large, Enterprise Mobility

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful master's degree in film production. He wrote the original treatment for 3DO's Killing Time, a short story that appeared in On Spec, and the screenplay for an independent film called The Hanged Man, which he would later direct. He's the author of a science fiction novel, Reflecting Fires, and a sadly neglected blog, Lot 49. His iPhone game, Blocfall, is available through the iTunes App Store. His wife is a talented jazz singer; he does not sing, which is for the best.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights