
SANS ISC: Google Search Engine's Malware Detection Broken - SANS Internet Storm Center SANS ISC InfoSec Forums


Google Search Engine's Malware Detection Broken

As of right now, it appears any Google search you do will come up with all the same results as before.  What has changed is that it appears to be reporting that every site might contain malware (i.e. it shows the "This site may harm your computer" warning with every result).  Apparently it has been happening for about the last 15 minutes.  So things are going a little haywire there and I'm sure it'll be fixed shortly.  Bottom line, there is no massive web-based attack going on.

The interesting backstory to this is that I discovered this problem with Twitter. Specifically, I use TweetDeck and noticed that all of a sudden "harm", "malware", "harmful" and "google" just jumped to the top of the trending list. I took a look and found out about the problem and confirmed it for myself.  I'm still somewhat skeptical of using Twitter trends to get hard-core intelligence about what is going on around you, but it certainly does point out some things to look at, even for information security professionals.

UPDATE X1: It appears international versions of Google search are also impacted.

UPDATE X2: It appears that the problem has since been fixed.

UPDATE X3: Google's response: http://googleblog.blogspot.com/2009/01/this-site-may-harm-your-computer-on.html

(Weekend humor: I had thought about this after this was written, but a better title of this diary would have been "Whitelisting: You're Doing it Wrong")

--
John Bambenek, bambenek /at/ gmail \dot\ com

John

248 Posts
ISC Handler
This must be causing widespread panic among those who think that Google 'is' the Internet. Are there any signs of this happening yet? Alert the internet!
Steven C.

171 Posts
Just noticed this myself when I did a search for an automotive parts manufacturer. I was just about to notify you about it till I saw the diary. Thanks for the notification folks!
Glenn

17 Posts
yep, saw it as well and submitted it to the ISC contacts as an FYI just a bit before this update on the ISC was posted. Just can't wait for the flood of complaints from my users, thankfully it's not a week day.
Alan

57 Posts
appears to be fixed now. The internet lives ;-)
Alan

57 Posts
BTW, this also affected Firefox 3, since it consumes the blacklist from Google (yesterday all kinds of sites displayed the "red curtain" when I wanted to browse them in FF3)
Anonymous
