Google Clamps Down on Sneaky Malicious Sites

Sites that repeatedly violate Google’s safe browsing policies will be classified as repeat offenders, the company said last week.

A small number of websites take corrective actions after Google displays alerts on their landing pages warning visitors that they’re harmful. However, they typically revert to violating the policies after Google goes through the process of verifying that they’re safe and removes the warnings.

Google verification procedures may launch automatically, or webmasters canrequest verification through Google’s Search Console.

Webmasters of sites classified as repeat offenders won’t be able to request additional reviews through the Search Console for a period 30 days under the new rules, which went into effect last week.

Google’s warnings will appear on those sites during the 30-day period.

Google will notify webmasters of sites established as repeat offenders with an email sent to their registered Search Console email address.

Sites that host malware or malicious links after having been hacked will be exempted from the new policy.

 malware-spam

The Need to Crack Down

About 1 billion people use Google Safe Browsing, and tens of millions of people are protected every week by warnings placed on malicious websites, according to Google’s transparency report.

Still, that is not enough: Malicious spam is surging, and 61 percent of email Web traffic in September contained spam, according to Kaspersky Lab. That’s an increase of 37 percent compared with Q2, and the largest amount of malicious spam since 2014.

The majority of malicious spam emails contained ransomware; some contained malware or links to malicious sites.

Putting the Squeeze On

“While 30 days may not be strict enough, the behavior [Google is] trying to prevent is malicious intent within the site,” noted Thomas Pore, director of IT and services at Plixer International.

Google’s strategy “may cause the malicious actor to move on,” he told TechNewsWorld, but “the drawback here is that the [actor] may move on and set up another domain, and there will be new victims.”

Cybercrime is a business, and “the more costly we make [it] for the criminal, the better off we will be,” observed Adam Meyer, chief security strategist atSurfWatch Labs.

Fraud is like a partially inflated balloon — squeeze it in your hand and the air will expand into the unrestricted part of the balloon, he observed.

Google is “squeezing the balloon” with its new action, and while criminals will shift tactics in response, the cost to them will go up, Meyer told TechNewsWorld. “Ultimately, exposure should go down, in principle.”

The Impact of Google’s Move

Google’s crackdown “should help shut down sites that are harmful,” said Rob Enderle, principal analyst at the Enderle Group.

However, “it may make people feel safer than they actually are, and it looks like it’s more focused on good PR for Google,” he told TechNewsWorld.

It’s “very easy to work around restrictions like this by launching new sites, and hostile players will likely game the system,” Enderle said. “Until [Google] can actually prosecute the bad players, moves like this are just Band-Aids and don’t approach mitigating the actual problem.”

Web administrators “will need to be more vigilant on correcting vulnerabilities on their websites, and stop sweeping issues under the carpet,” SurfWatch Labs’ Meyer maintained.

Other Steps

“It would be interesting if Google starts looking at the hosting location or ASN (autonomous system number) or provider for many of these sites, as well as the name servers being used,” Plixer’s Pore said.

“While it’s possible that domain registration could be used to identify a malicious actor and then warnings could be applied for other sites that user has registered, most bad actors are using private registration,” he pointed out.

However, given that bad actors tend to be international, the problem will require a global solution, Enderle said, which has “proven elusive to date.”