Google has introduced a new security feature in its search engine to flag more web pages that might have been compromised by hackers. This new feature expands Google's long-standing program that marks websites hosting malicious software with a “This site may harm your computer” warning. Now, a new notation, "This site may be compromised," will indicate pages that may not be malicious but show signs that the site might not be fully controlled by its legitimate owner. This often happens when spammers add invisible links or redirects to unrelated websites, such as pharmacy sites.

Additionally, Google will identify sites that have had phishing pages added by hackers. According to the Anti-Phishing Working Group, between 75% and 80% of phishing sites are legitimate sites that have been hacked and seeded with phishing kits to mimic trusted e-commerce and banking sites.

It remains to be seen if Google can speed up the process of re-vetting sites flagged as compromised after they've been cleaned up by their owners. Historically, site owners have complained that search result warnings persist for weeks after cleaning their sites. Denis Sinegubko, founder and developer at Unmask Parasites, believes Google has room for improvement in this area.

“They know about it and probably work internally on the improvements, but they don’t disclose such info,” Sinegubko said. “This process is tricky. In some cases, it may be very fast. But in others, it may take unreasonably long. It uses the same form for reconsideration requests, but it should be faster—less than two weeks for normal reconsideration requests.”

Maxim Weinstein, executive director of StopBadware, an independent non-profit anti-malware organization, explained that delays in de-listing a flagged site usually occur because the site owner hasn’t fully resolved the issue that caused the alert or missed a step in Google’s reconsideration process. “If someone doesn’t know to request a review, it can be a while before Google’s system will on its own rescan the site and remove the warning,” Weinstein said.

Google plans to roll out the new system gradually, meaning not all sites that should be flagged as compromised will be marked immediately. Sinegubko noted that many compromised sites might not yet display warnings.

Website administrators who find their pages flagged can seek assistance at Badwarebusters.org, which has an active and responsive help forum. Google also provides support through its Webmaster Help Forum, including a malware and hacked sites section, where users can find more information about the new warning system. In one forum thread, John Mueller, a Webmaster trends analyst with Google Zurich, explained the alert and cleanup process.

“As mentioned by others, this is triggered when we determine that your site has likely been compromised by an unauthorized third party. Once this happens, it’s hard to predict what else may have been modified. For instance, in addition to hidden links, someone might have changed the phone number or redirected orders to the wrong website—everything is possible once third parties can modify a website.”

“Once you’ve reverted the compromise and taken steps to prevent it from happening again, you can submit a normal reconsideration request through Webmaster Tools. These requests are processed fairly quickly (usually within a day, though it’s not possible to give an exact timeframe).”


Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.