Google Helps Webmasters Spot Malware

Google has enabled an experimental feature in its Webmaster Tools to help Web site owners identify malware infections.

Google automatically scans for malware as its indexes Web pages and it provides warnings in Google search results when it detects software that it believes to be dangerous.

The company also provides its malware warnings to the users of browsers, such as Chrome, Firefox, and Safari, to protect people from sites believed to be malicious.

And when it finds malware, Google will e-mail site owners, advising them that it has found an infection.

But such warnings don't provide much detail about the problem.

Google aims to remedy that with the "Malware details" Labs feature in Webmaster Tools.

The Labs menu in the left hand column of the Webmaster Tools dashboard for each registered site includes a "Malware details" link, which presents a list of Web pages where Google found malware and samples of the malicious content.

In some cases, the tool will identify actual malicious code, even if obfuscated JavaScript, for example, isn't very easily interpreted. The point is to make remediation easier.

Google warns that its malware information isn't perfect and that Web site owners should use Google's information as a starting point.

"Google's scanners may not be able to provide malware samples in all cases, and the malware samples may not be a complete list of all the malware on the page," says Google engineer Lucas Ballard in a blog post. "More importantly, we advise against simply removing the examples that are displayed in Webmaster Tools. If the underlying vulnerability is not identified and patched, it is likely that the site will be compromised again."

InformationWeek has published an in-depth report on smartphone security. Download the report here (registration required).