Google Tracks Malware on Sites

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  
From the 'Google Hacks' files:

We've all known for awhile that Google indexes (nearly) everything, both good and bad. Guys like Johnny 'I Hack Stuff' Long have even made a career out of using Google to find site vulnerabilities, an activity commonly referred to as 'Google Hacking.'

Now at long last, Google itself is getting in on the action.

This week Google launched new webmaster tools that will show site owners any malware located on their site.
"We're happy to announce that we've launched a feature that enables Google to provide even more detailed help to webmasters," Google developer Webmaster Tools now provides webmasters with samples of the malicious code that Google's automated scanners detected on their sites. These samples -- which typically take the form of injected HTML tags, JavaScript, or embedded Flash files -- are available in the "Malware details" Labs feature in Webmaster Tools."
So, while I still think it's a good idea to own Johnny Long's Google Hacks book, Google itself is now providing some really interesting information, but it's not everything that Google itself actually indexes.

There is more info that can be publicly discovered that could really help out webmasters in the battle against malware and site vulnerabilities.

For example, one common Google Hack is simply a custom search query for username/password in unprotected files/directories. The new webmaster tool won't show that as malware, since it's not, but it still is a vulnerability that a Google 'hacker' could find.

The other item that users will still need to find on their own are incidents of Cross Site Scripting (XSS) or Cross Site Request Forgery (CSRF) vulnerabilities. Again, these are items that technically aren't malware, but are still vulnerabilities.

The new tools are a great start and will clearly help to webmasters to identify where they might have malware files sitting on their sites. Most webmasters likely don't want to be distributing malware and every additional tool (especially a free one like this) is another weapon to the attack the problem.

Article courtesy of InternetNews.com.