It’s Cyber Security Awareness Month, and the folks at Google are taking it seriously. Having already built automated scanners to detect malware on Websites in its search index, Google has now added a feature designed to provide more detail to Webmasters whose sites are compromised.
To do this, Google has enhanced Webmaster Tools to offer Webmasters samples of the malicious code the company’s scanners have uncovered. The samples – which Google says typically take the form of injected HTML tags, JavaScript or embedded Adobe Flash Player files – are available in the “Malware details” Labs feature.
“Registered Webmasters (registration is free) of infected sites do not need to specially enable the feature — they will find links to it on the Webmaster Tools dashboard,” blogged Lucas Ballard, on behalf of Google’s Anti-Malware, Anti-Malvertising and Webmaster Tools teams. “Webmasters will see a list of their pages that we found to be involved in malware distribution and samples of the malicious content that Google’s scanners encountered on each infected page.”
Here is an example of what the feature looks like and the type of information it will provide. Though this move by Google undoubtedly offers additional insight to Webmasters, Ballard cautioned against using the tool as the be-all-end-all to Website security.
“Google’s scanners may not be able to provide malware samples in all cases, and the malware samples may not be a complete list of all the malware on the page,” he explained. “More importantly, we advise against simply removing the examples that are displayed in Webmaster Tools. If the underlying vulnerability is not identified and patched, it is likely that the site will be compromised again.”