Google calls for users to report malicious sites

Google is hoping users of its search engine will report "bad sites" to help the company fight criminals exploiting its infrastructure in order to distribute malicious software.

According to the Google security blog, the search giant already knows about hundreds of thousands of "bad" Web sites but is hoping that its users will add to the list by completing an online form to report malicious sites that are not already flagged.

The fight is important to Google because sites containing malicious software endanger the search giant's reputation by exploiting and infecting its users. This was described recently in a blog by security company Sunbelt.

Last year, Google started flagging sites listed in its search results that contain malicious software. When a bad site is selected, instead of being sent to the site, the user is shown a message saying, "Warning--the site you are about to visit may harm your computer!" Users then have the option to continue or return to the search page.

Google "independently checks the Web for badware and badware-linking code...using its own test procedures," according to StopBadware.org, which is working together with Google in its fight against malicious Web sites.

This is nothing new for security company McAfee, which already trawls the Web for sites hosting malicious software and has members of the public reporting bad sites to McAfee SiteAdvisor.

Google's flagging of bad sites is not nearly as comprehensive as SiteAdvisor, according to a McAfee representative.

SiteAdvisor sits in the browser and ranks all sites as red, yellow, or green. These are ranked via information on whether the site hosts malicious software; whether it is a spamming site, where entering your e-mail address could result in thousands of spam e-mails; whether the site is linked to sites hosting malicious software; or whether it is a scamming site, where some form of money scam is conducted.

In addition, if a user enters the URL of a rated Web site at SiteAdvisor, detailed information on the tests run and reasons for ranking the site are displayed. This helps a user decide whether he or she can still make use of the site while avoiding its bad elements.

According to McAfee, SiteAdvisor downloads are "running into the tens of millions."

Suzanne Tindal of ZDNet Australia reported from Sydney.

[damonbock]

This is Days Late..and somewhat inaccurate

I thought this site was called News.com - not OLD News.com

Slashdot had this story on Saturday
http://it.slashdot.org/article.pl?sid=07/12/01/2152228

InternetNews.com has this story on Friday:
http://www.internetnews.com/security/article.php/3714041

And the Google blog post itself was on Thursday:
http://googleonlinesecurity.blogspot.com/2007/11/help-us-fill-in-gaps.html