Why are you reading this? Go outside. Do something meaningful with your life.

Wednesday, October 15, 2008

"This site may harm your computer"

You may have seen those words in Google search results - but what do they mean? If you click the search result link you get another warning page instead of the website you were expecting. But if the web page was your grandmother's baking blog, you're still confused. Surely your grandmother hasn't been secretly honing her l33t computer hacking skills at night school. Google must have made a mistake and your grandmother's web page is just fine...


I work with the team that helps put the warning in Google's search results so let me try to explain. The good news is that your grandmother is still kind and loves turtles. She isn't trying to start a botnet or steal credit card numbers. The bad news is that her website or the server that it runs on has a security vulnerability, probably from some out-of-date software.  That vulnerability has been exploited and malicious code has been added to your grandmother's website. It's most likely an invisible script or iframe that pulls content from another website which tries to attack any computer that views the page. If the attack succeeds viruses, spyware, key loggers, botnets and other nasty stuff will get installed. At best you'll waste hours cleaning up you computer; at worst you'll lose all your data and have money stolen from your bank account.

If you see the warning on a site in Google's search results, it's best to pay attention to it. Google has automatic scanners that are constantly looking for these sorts of web pages. I help build the scanners and can say that they're astonishingly accurate. There is almost certainly something wrong with the website even if it is run by someone you trust, like your grandmother.   

Servers are just like your home computer and need constant updating. There are lots of tools that make building a website really easy, but each one adds some risk of being exploited. Even if you're diligent and keep all your website components updated, your web host may not be. They control your website's server and may not have installed the most recent OS patches. And it's not just innocent grandmothers that this happens to. There have been warnings on banks, sports teams, and corporate and government websites.

If your website has been struck by malware, there are some resources to help you clean it up. stopbadware.org has some great information and their forums have a number of helpful and knowledgeable volunteers who may be able to help. You can also use Google SafeBrowsing diagnotics page for your site (http://www.google.com/safebrowsing/diagnostic?site=<insert-site-name-here>) to see specific information about what Google's automatic scanner have found. Once you've cleaned up your website, use Google's Webmaster Tools to request a review. The automatic systems will rescan your website and the warning will be removed if the malware is gone.

1 comment:

Unknown said...

Oliver,

When you wrote about grandmother's baking site, did you mean this site:
grandmother: www.mygrannysrecipes.net ? ;-)

Actually not the warning you wrote about, just another hacked and defaced "grandmother's" site.