Google Studies Effectiveness of Its Web Hijacking Notifications

When webmasters are contacted directly about problems with their Websites, they fix them more quickly, according to a study from Google and UC Berkeley.

Google, safe browsing

As part of its Safe Browsing campaign, Google has routinely used Web notifications, search alerts and direct emails to warn webmasters of potentially unsafe content on their Websites.

Between July 2014 and June 2015, such alerts and communications covered some 761,000 Websites—many of them personal blogs and pages belonging to small businesses. In many cases, Google sent out emails directly to webmasters. In other instances, Website owners learned of problems on their sites via the browser alerts that Google serves up to warn users when they arrive on a potentially dangerous site.

Google this week released the results of a study it did in collaboration with researchers at the University of California at Berkeley to look at the effectiveness of such communications in helping Website and blog owners secure their sites.

The goal was to try and find out how to optimize the delivery of notifications to webmasters while minimizing stress for the recipients, Google spam and abuse researchers Kurt Thomas and Yuan Niu said in a blog post.

A key takeaway from the study was that direct communication with webmasters via email increases the likelihood of the Website being cleaned up by more than 50 percent and reduces infection duration by 62 percent.

The study showed that when Google communicated with webmasters via email, 75 percent mitigated the problem. When Google did not have the email address of the webmaster and used browser warnings instead, about 54 percent of Website owners fixed the problem while search warnings prompted about 43 percent to fix issues on their site.

Knowing which channel of communication was most effective is vital because one of the hardest steps in getting Websites to clean up is finding a way to get in touch with the webmasters, the Google researchers said.

The tips and samples of infected pages that Google included in its direct communications to webmasters helped them remedy the issue significantly faster compared to situations where a Website owner did not get such guidance.

Even so, the study showed that a fairly substantial proportion of sites that fixed issues with Google's help were quickly re-infected. When Google monitored recently remediated sites, it found that 12 percent of them were compromised again in barely a month. "This illustrates the challenge involved in identifying the root cause of a breach versus dealing with the side effects," Thomas and Yuan Niu said.

According to Google, unsafe and potentially harmful Websites pose a risk to roughly 10 million Internet users each week. A vast majority of them belong to smaller businesses and individuals. Over the last year, Google counted some 800,000 compromised Websites around the world, or roughly 16,500 new sites each week. People who visited such sites were exposed to malware, drive-by downloads, spam and what Google described as low-quality scam content.

Often, the owners of such Websites are unaware of security problems on their site because someone else might have compromised it and they learn of it only after being notified by Google or via Google's Safe Browsing or search. Importantly, when informed of a problem, many site owners are unable to do anything about it because they lack the needed security skills, the Google researchers said.

"While browser and search warnings help protect visitors from harm, these warnings can at times feel punitive to webmasters who learn only after the fact that their site was compromised," the Google researchers said in explaining why the company is looking to find better ways of communicating the issue to Website owners.

Jaikumar Vijayan

Jaikumar Vijayan

Vijayan is an award-winning independent journalist and tech content creation specialist covering data security and privacy, business intelligence, big data and data analytics.