
Google Wants You to Report Malware

darthcamaro writes "As part of its ongoing effort to keep a clean index Google is soliciting the help of web browsers to let them know when we find malware in the index. Celebrated Google hacker Johnny Long thinks it's a good idea, though he told the site Internet News that he doesn't think it'll stop real hackers. From the article: 'Most in search of malware for offensive use know the good stuff — it ain't distributed through public Web ... It's distributed through dark Web servers, peer-to-peer networks, IRC channels, torrents and the like. Google's efforts will not affect how skilled hackers get access to malware.'"
  • by nurb432 ( 527695 ) on Saturday December 01, 2007 @06:43PM (#21547927) Homepage Journal
    Nor should it. Google is now telling me what is moral and immoral and wanting to restrict access on their concepts of right and wrong? Who died and made them king?

    Either they are a public company that should be considered a 'common carrier' or they aren't, which is it to be?
    • by webmaster404 ( 1148909 ) on Saturday December 01, 2007 @06:45PM (#21547943)
      But for the Windows user, it could cut down MASSIVELY on the amount of malware they get.
      • by quanticle ( 843097 ) on Saturday December 01, 2007 @07:08PM (#21548091) Homepage

        This isn't about that. Google already has a service that reports and detects sites that try to phish your personal information or try to install malware on your machine. No, this effort is to try to purge the Google index of sites that sell malware creation and deployment toolkits to black-hats. IMHO, the original poster is correct. This wouldn't make it much more difficult for script-kiddies and black-hats to get their hands on malware kits, while making it more difficult for white-hats to find information about these programs.

        • Comment removed (Score:4, Informative)

          by account_deleted ( 4530225 ) on Saturday December 01, 2007 @10:11PM (#21549051)
          Comment removed based on user account deletion
          • So why not just report the sites to Symantec?
            • True, but why not just have Google refer all reported sites over to Symantec instead? Symantec probably gets fewer reports of these sites because reporting sites would involve wading through their app (Maybe the newer versions are better, but it always seemed odd that whatever sits in the system tray won't actually get you to anything administrative)

              There's probably a way to report a site through symantec.com, but the site's also relatively hard to get into (compared to Google, I mean) if you're not plannin
          • Knowing Google, they will probably use a purely statistical analysis and user reports would be factored in.
    • Google is definitively not a common carrier [wikipedia.org]
      They do not transport goods/data, they merely search them. As a public company they can drop any search results they disagree with or that make them look bad, etc...

      For Evil or Good, Google can do what it pleases with its search results.
      • by nurb432 ( 527695 )
        If they are not a common carrier and actively filter results, then they need to be held legally liable for any results that are inappropriate/illegal.

        Can't have it both ways.
        • How so? Is linking to something that is illegal, illegal? Doesn't sound necessary.
          • by nurb432 ( 527695 ) on Saturday December 01, 2007 @07:37PM (#21548247) Homepage Journal
            Personally, I feel that if they filter ONE item, EVER, then it blows the entire idea of them not being liable for future content. They really shouldn't be in the business of deciding what is ok and what isn't ok. Just report the links as is, and collect their revenue leaving it up to us to decide what is right and wrong.

            • Re: (Score:3, Insightful)

              by maxume ( 22995 )
              You are being oddly pedantic; Google returns search results in what is essentially an arbitrary order; changing that order based on the presence of malware isn't filtering, at least not anymore than the initial search result is filtering.

              And really, if you don't think that being able to advertise that their searches are 'safe' has the potential to affect revenue, I don't know where to start.
            • no noob, the flaw in your logic is that google don't HAVE to list malware sites if they don't want to. it's their service, if what you are searching for (malware) isn't listed how is that a liability for them? Are you one of these people that think the internets is google?
              • Re: (Score:1, Flamebait)

                by nurb432 ( 527695 )
                No, they are a company that must abide by local laws and international treaties. They can NOT just do whatever they feel like. Nor can you. You may think you can, but if you violate the law in doing 'what ever you feel like' you get tossed in jail ( if you get caught )

                I will say it again, for the last time: If they filter once, they should be liable for any future result. if they filter 'malware' results, but allow KP results, they should be put out of business. You can't selectively decide what you want to
                • Re: (Score:3, Insightful)

                  by maxume ( 22995 )
                  Google already selectively decides what it wants to let through. They call it 'Pagerank'. I've heard dirty rumors that different people get different results for the same search, and that sometimes, the number of results printed on the result page doesn't match up with the actual number of results available. Also, I've heard that they have removed stuff based on DMCA takedown notices.

                  If you have a problem with Google doing this, you have a problem with what Google was doing yesterday.
                • by hedwards ( 940851 ) on Saturday December 01, 2007 @08:22PM (#21548519)

                  I will say it again, for the last time: If they filter once, they should be liable for any future result. if they filter 'malware' results, but allow KP results, they should be put out of business. You can't selectively decide what you want to let thru then claim protection on the basis that you can't control illegal content.
                  Why? Your argument makes absolutely no sense whatsoever. Of course they can filter one thing out, they could manually do it without any additional technology, by having a temp or intern manually typing in regexes. If they could be held liable for not getting all the kiddie porn off their results, they already would.

                  Regardless of your opinion, it is far easier to remove malware than it is to remove kiddie porn. For starters identifying kiddie porn requires in many instances knowing the age of the participants, while it is reasonable to assume that a 3 or 4 year old isn't 18, when you start talking about 14 or 15 year olds, it isn't necessarily an easy determination to make in large quantities. With malware, it is relatively straightforward to determine what if anything it's doing. Some adult women are the same proportions as teenage girls.

                  The other thing is that there will always be malware, child porn and various other types of bad stuff on the net, the initiative here is to try and limit it. Google isn't going to be able to stop linking to enough sites to stop it, but hopefully hit enough of them that people don't casually run into it.
            • They already filter many search strings related to finding credit card numbers or social security numbers. Search strings like:

              "visa 4356000000000000..4356999999999999" ; which normally could be used to turn up a list of visa credit card numbers. Something similar can be done with social security numbers, although I don't remember the exact number range.

              • by penix1 ( 722987 )
                I see the point the OP is making though. He is making the slippery slope argument (not very effectively though) that once you filter for one item, the avalanche will tumble on you to filter any item made by any group.

                Personally, I think they should have a similar rating system to /. not the page rank crap they currently have which is set by Google. Let the users decide if some link is crap and rate it as such and display the total score possible with user comment tags. I can't tell you how many times I hit
          • Is linking to something that is illegal, illegal?

            Did you miss the raid on The Pirate Bay and Oink?

        • why are you attempting to confuse the issue with common carrier status, because they are a search site, NOT an isp or teleco.

          The whole legal liability of search results has been done to death already, google are totally in the right here.

      • by darkpixel2k ( 623900 ) on Saturday December 01, 2007 @08:26PM (#21548535)
        As a public company they can drop any search results they disagree with...

        I could give a shit about the windows malware that's out there. I don't run Windows and a good portion of my client base either doesn't run windows or doesn't have access to the net. But what I really wish google would fucking drop from their index is experts-exchange and tech-republic.

        The last damn thing I want any of my search results to return is "Hey--here's the answer you're looking for. The solution is to...[PAY US FOR A FUCKING SUBSCRIPTION PLEASE]"
        • I wholeheartedly agree with you, especially if it's a fairly obscure BSOD code and they're 2 of 10 results.
        • by gniv ( 600835 )
          The answers are there, in fact, but they are all the way at the bottom of the page. (I'm not condoning their behavior, just spreading the word).

          For example, scroll down on this page: http://www.experts-exchange.com/Programming/Languages/Scripting/Shell/Batch/Q_22848900.html [experts-exchange.com]

          • Yeah--so I clicked on the 'Related Solutions' button and picked the first result--one about if statements in batch files.
            It [experts-exchange.com] asks me to sign up to see the answer.

            They have a few pages that are free, but most require a subscription.
        • Don't like some of the search results? Create your custom google search page then. Just write up a quick page in HTML that posts to the google search form and then just add the string -whatever (google has domain specifiers) with the page. So when you type "pointers" in your page it will submit to the google search:

          pointers -site:tech-republic, etc.

          Not hard
        • by Albio ( 854216 )
          Whenever I end up at Experts-Exchange, I've found that the bottom of the page contains replies and solutions.

          [Question]
          [HEY! BUY A SUBSCRIPTION!]
          [scroll scroll scroll]
          [Answers]
        • But what I really wish google would fucking drop from their index is experts-exchange and tech-republic. The last damn thing I want any of my search results to return is "Hey--here's the answer you're looking for. The solution is to...[PAY US FOR A FUCKING SUBSCRIPTION PLEASE]"

          I completely agree. Google has become lazy, or just too arrogant (just like Altavista had when Google started offering better results than it did). Try this CustomizeGoogle [mozilla.org] firefox extension. This little extension has saved me hour

      • Re: (Score:1, Troll)

        by mikael ( 484 )
        Try doing a google image search for "prayer beads", "brake pads" or "adsorption". None of these keywords will show up any pictures with Google because they both contain the substring "ads".

    • by Impeesa ( 763920 )
      Google doesn't provide access, it only indexes (wow, that sounds familiar), so the common carrier argument is totally unrelated. In this case, it's more like a phone book refusing to list crack dealers in the yellow pages, and requesting that people report any crack dealer listings that happen to slip in somehow.
  • by Anonymous Coward on Saturday December 01, 2007 @06:43PM (#21547929)
    Obviously hackers don't look for their tools on Google. But if regular people get to websites through Google's index, Google does not want them to get infected by web-borne malware.
    • Exactly. There was an incident [blogspot.com] this past week where numerous websites registered under the .cn TLD but hosted somewhere near Chicago were finding their way into many Google search results. The only purpose of the sites was to gain high pagerank and infect unfortunate clicker-onners with malware. The problem was discovered and reported by folks outside Google, so Google wants to make sure that people have a way to report such problems before they get out of hand.

      Whether this is a losing battle or not is a
  • by Wog ( 58146 ) on Saturday December 01, 2007 @06:45PM (#21547939)
    'Most in search of malware for offensive use know the good stuff -- it ain't distributed through public Web ... It's distributed through dark Web servers, peer-to-peer networks, IRC channels, torrents and the like. Google's efforts will not affect how skilled hackers get access to malware.'

    I imagine the idea is that people who are making (ahem) innocent searches will not be so prone to stumble across a malicious page with the latest unpatched IE/Firefox/Whatever exploit.
    • Re: (Score:1, Flamebait)

      by bagsc ( 254194 )
      "Most in search of malware for offensive use know the good stuff"

      For those of you native English speakers who also had to read this five times to understand what it meant, I shall clarify:

      most - adj. Used here as a noun. Also used as an adverb.
      search - v. Used here as a noun
      offensive - adj. Noun if you read too much Iraq news like me.
      use - v. Used here as a noun
      good - adj. Typically used to describe desirable qualities for humanity. Used here to denote desirable qualities for bad people.

      Three levels of
      • Re: (Score:2, Troll)

        Criticizing the sentence and then showing your lack of expertise in the language? :P

        "Use" is not a verb in this sentence. Use as in "I have found a use for this" is a noun.

        "Offensive" is used as an adjective describing "use"

        "Good" is used to describe "stuff" and in this context it means "good at what it was meant to do". It isn't confusing at all.

        It isn't three levels of prepositional phrases. It's three prepositional phrases back to back (which is also not uncommon). "in search" (preposition, object) "
          • You can see my response to the grandparent pointing out his errors, including "most" being a plural pronoun (not merely common vernacular). However, the prepositional phrases, while not confusing in the slightest, were nested. "For offensive use" was clearly an adjective describing malware in "of malware". "Of malware for offensive use" is a prepositional phrase used as an adjective to describe the search in "in search". "In search of malware for offensive use" is a prepositional phrase used as an ajecti

          • Actually, "most" could be interpreted two ways. One is as a plural pronoun, however the other is as an adjective for the understood subject "people" (understood in the same way that "you" is in the sentence "Do the dishes"). Both would be acceptable.

            Additionally, the prepositional phrases are not nested, and all three are indeed prepositional phrases. The first is used as an adjective, and the last two as adverbs. Prepositional phrases are categorized as a sequence of preposition [adjectives] subject.

            I
            • preposition [adjectives] object rather.

              (this is what I get for multitasking)
            • Actually, "most" could be interpreted two ways. One is as a plural pronoun, however the other is as an adjective for the understood subject "people" (understood in the same way that "you" is in the sentence "Do the dishes"). Both would be acceptable.

              You only get an implied subject in your example because it is a command (most languages have a special conjugation for the command form of a verb, not so in English.) I am hard-pressed to think of an example of syntax that would allow you to modify this subjec

              • The understood subject of "people" can exist because "Most" can be treated as an adjective in this instance. "Most" describes some group of things (depending on the subject of the sentence, it could have been people, puppies, killer robots, flying spaghetti monsters, etc etc etc). It isn't restricted to declarative sentences.

                "Yeah, that makes a lot of sense once we remove the phrases that the nested prepositional phrases modify."

                You really seem to be having a problem understanding the following.

                1) A prepo
                • "isn't restricted to declarative sentences"

                  Commands rather. (Again multi-tasking bites me in the rear as I try to arrange thoughts).

                  While it's true that it's most common in commands, it is by no means restricted to them.
            • CENTURION: What's this, then? 'Romanes Eunt Domus'? 'People called Romanes they go the house'?
              BRIAN: It-- it says, 'Romans, go home'.
              CENTURION: No, it doesn't. What's Latin for 'Roman'? Come on!
              BRIAN: Aah!
              CENTURION: Come on!
              BRIAN: 'R-- Romanus'?
              CENTURION: Goes like...?
              BRIAN: 'Annus'?
              CENTURION: Vocative plural of 'annus' is...?
              BRIAN: Eh. 'Anni'?
              CENTURION: 'Romani'. 'Eunt'? What is 'eunt'?
              BRIAN: 'Go'. Let--
              CENTURION: Conjugate the verb 'to go'.
              BRIAN: Uh. 'Ire'. Uh, 'e
      • I know someone already called you out on this, but incorrectly. Hence, I shall also attempt to explain:

        • Most: A plural pronoun, in addition to an adjective.
        • Search: In addition to a verb, a noun meaning the act of searching.
        • Offensive: An adjective to describe "use" (see below).
        • Use: Noun, a method of employing something. Ironically, Merriam-Webster lists this usage as more common than "use" as a verb.
        • Good: Pejorative use of the adjective.

        Also, apparently the nesting of prepositional phrases was conf

  • by sirwired ( 27582 ) on Saturday December 01, 2007 @06:56PM (#21548005)
    The point of this is not to keep hackers from finding malware, it is to keep Google search users from getting infected through poisoned search results.

    Duh.

    SirWired
    • The point of this is not to keep hackers from finding malware, it is to keep Google search users from getting infected through poisoned search results.

      Duh.


      This is exactly what ScrubIT has been doing for a long time now. Instead of search results, it is DNS, which blocks malware sites. It has a function to submit sites to be added to the blacklist.

      Many think ScrubIT as a filtered DNS service is just a porn filter to protect the kids. It's much more than that. It kills phishing and malware sites also. Th
  • Obviously, by definition, skilled hackers can get the tools they need without google's help (or despite google's measures).
    I think this is a great move by Google anyway. The hackers I find annoying are the 'script kiddies'; these kids (or immature adults) can too easily find programs that waste my bandwidth, hitting my server to find obvious holes, looking for very outdated software; in general, banging their heads against my firewall. If a 'real' hacker wants to waste his time, he could probably find som
  • Celebrated Google hacker Johnny Long thinks it's a good idea, though he told the site Internet News that he doesn't think it'll stop real hackers.

    Who told Johnny Long that the purpose of this development was to "stop real hackers?" I am speculating now that one of the purposes of this development is to mitigate the damage these hackers create.

    In my opinion, hackers are more like terrorists. They are motivated by sadism and determined at their craft.

    • In my opinion, hackers are more like terrorists. They are motivated by sadism and determined at their craft.

      This may have been true some time ago. The folks who create and spread malware these days are motivated by simple greed. Botnets and such are big business. So is the information harvested from unsuspecting users through key loggers. Terrorists tend to be ideologically motivated regardless of whether the ideology is religion, politics or whatever.

      Change the economics of web sites hosting malwar

  • Just malware? (Score:4, Interesting)

    by rhizome ( 115711 ) on Saturday December 01, 2007 @07:02PM (#21548061) Homepage Journal
    I'm not a religious man, but I pray for the day Google allows you to blacklist certain domains globally (for your cookie or login). Malware sites sure, but link farms and pay-forums and gopher indexes and yadda yadda clog up so much, I'm thinking this feature would be akin to a Do-Not-Call list for the web.
    • by Feyr ( 449684 )
      hell yeah! i'd blacklist that shit site called expert-exchange.com, it's ALWAYS in my search results
      • by musakko ( 739094 )
        Amen!! %#&%$%n' Expert-exchange is right up there every time I google any technical/coding problem, no matter how obscure..
        • by rhizome ( 115711 )
          Amen!! %#&%$%n' Expert-exchange is right up there every time I google any technical/coding problem, no matter how obscure..

          Little-known fact: the experts-exchange answers are at the bottom of the page. They just insert those fake greyed out boxes to throw you off.
    • You can already do this with your hosts file. Put the offending host in your hosts file and set the IP address to the loopback address or to 0.0.0.0. If you are talking about blacklisting from search results, now yes, that would be awesome.
    • We could call this crap the malweb, and malwebsites. I get those so often in my searches I usually just give up.
    • Re: (Score:2, Informative)

      by nullbort ( 944876 )
      The CustomizeGoogle [customizegoogle.com] extension for Firefox allows you to blacklist sites from search results.
  • DTTP? (Score:5, Funny)

    by BorgCopyeditor ( 590345 ) on Saturday December 01, 2007 @07:14PM (#21548117)

    'Most in search of malware for offensive use know the good stuff -- it ain't distributed through public Web ... It's distributed through dark Web servers

    Well, then, they should just block the ports typically associated with the DarkText Transfer Protocol.

    • Or they could look for the directives commonly associated with DTTP and not found among HTTP's GET and POST, namely, PURLOIN and FOIST.
  • I think Johnny Long and Google have different goals. I think Google wants to protect users from unsuspectingly visiting sites that will exploit browser bugs (i.e. the sites themselves are malware, no user would search for it explicitly), while Johnny Long thinks this is about preventing the spread of rootkits and the like (which people would search for explicitly).
  • Ghee - if you have the time and...

    - get a phishing email for your paypal account
    - get a dubious email from your bank asking to reenter your credentials ....

    don't you go to those sites and feed them expired credit card numbers, wrong information and then report them anyway?

    It's great that Google provides resources to accommodate reporting but hardly any exciting at all.

    To get so worked up about it by branding it as inefficient or thinking the Big Brother tries to tell you what is right or wrong surely is
  • by Adult film producer ( 866485 ) <van@i2pmail.org> on Saturday December 01, 2007 @07:22PM (#21548151)
    let users flag all of those websites that only have indexes of other websites, link farms or whatever they're call... and please let me flag those "ask the expert" pages as spam.
    • let users flag all of those websites that only have indexes of other websites...


      Yes, and the moment they do that, all the trolls and script kiddies out there would be listing Google itself, because what is it except an index of other sites?

    • Re: (Score:3, Interesting)

      by AlXtreme ( 223728 )
      But then Google wouldn't be able to show you all their Adwords on those websites (and the ones they link to).

      Why do you think Google isn't doing anything against link-farming? Because they merely have to act ignorant and rake in the cash. Vote with your feet and use a different search engine (or meta-searchengine like clusty), diversity is good.
  • by PPH ( 736903 )
    In Soviet Russia, plug an unprotected Windows system into the InterWeb and malware finds you!
  • What would be more helpful is if someone set up a distributed, fully automated IP address blacklist system and web servers and intrusion software could simply log IP address "hate" a la a system like this http://savingtheinternetwithhate.com/ [savingthei...thhate.com]

    I'd love to be able to get a daily list of IP addresses that have been community-logged with reputations as having "bad behavior" (like worm propagation, scanning for website or ssh weaknesses, DOS attacks, open relays, etc) to feed to firewalls, ssh and web server, e
  • by SeaFox ( 739806 )
    In Soviet Russia, malware reports YOU!
  • by thyrf ( 1059934 )
    I doubt google are trying to stop hackers getting at materials. What they are doing though, is stopping your average Mr. Joe Bloggs from being suckered in to download malware from a site found from a google search.
  • I wonder if this system will affect listings in Google for small security firms who publish "proof of concept" demonstrations of new exploits. Could this lead to an unintentional (?) block of such firms' research products?

    • I sincerely hope not. However, I suspect that if it's automated in any fashion, some sites will get wrongly tagged. The general public doesn't know the difference.
      • If my guess is right, the scans are almost certain to be almost completely automated, at least for the "first stage." Then again, Google has some incredibly smart people working for them, and my hope is that secondary analysis of the results would prevent inappropriate blocking of benign sites.

  • Quoth the poster: "Google's efforts will not affect how skilled hackers get access to malware."

    It may not stop skilled crackers from gaining access to rootkit builders, trojan generators, etc, but if implemented properly it will definitely help identify sites actively hosting pages designed to exploit things like browser vulnerabilities to compromise user machines. Less fodder for the botnets is a good thing in my book.

  • Dear Google, (Score:4, Insightful)

    by iminplaya ( 723125 ) on Saturday December 01, 2007 @07:59PM (#21548373) Journal
    Sony, the RIAA, the MPAA, the FBI, the CIA, the NSA all produce malware. Please block access to their sites.
    • by Dunbal ( 464142 )
      Not to mention Comcast. Sending RST commands at will is pretty much malware in my book.
  • I really fear for how this will affect full disclosure security sites. These sites are vital and used by security professionals world-wide.

    Are they going to ignore sites safely hosting exploit code, or just those attempting to actively use it against the browser? Let's hope it's only the latter.

  • Ooh sounds so scary!!
  • Comment removed based on user account deletion
  • McAfee's SiteAdvisor [siteadvisor.com] already looks for malware available from web pages, downloading everything that might be a threat and running it in a virtual Windows machine with Internet Explorer. SiteAdvisor does the work themselves; they're not trying to get people to work for them for free. Google already had something like that, although not as good. Allowing users to add to the machine-generated lists is useful, but not a big deal.

    Besides, why work for Google for free? If you're going to report phishing si

  • Stopping spurious search results is a good idea (I have mentioned scraper malware .cn domain sites before). However, a big problem is the hurdles you have to jump to shut down servers and home computers that are spewing spam and acting as a base of operations for malware. Say you find one, pin it down to the IP, then pin down the ISP/data center. Your next course of action is to submit a complaint to the abuse department. Then you wait for days. The server continues doing what it is doing. You submit
  • If it's not open source, it's malware. If it is open source, it might still suck, though!
  • This censorship thing is going to bite them in the ass eventually. I mean why use a diluted source, when you can get a pure source elsewhere? Some of us may want to find malware in order to experiment with it in order to get a better understanding.
  • I use McAfee SiteAdvisor, it's free and it warns you when you're headed to a malicious website and stuff.
