Google is planning to make life a little more difficult for some site owners who host malware by adding new warnings to its Safe Browsing system. The warnings will let users know that a site is known to repeatedly add and remove malicious content in an attempt to trick Google’s system.
The company’s Safe Browsing system is used by Chrome and many of the other major browsers to identify and warn users about malicious sites. Google scans millions of sites constantly, looking for signs of malicious or unwanted content hosted on those sites. It also allows users to submit suspected malicious sites. The company then will notify site owners that their sites have been flagged and will continue to scan the sites and attempt to verify that the owners have cleaned the sites.
Most legitimate site owners will do just that: clean their sites and go on about their business. But malicious site owners often will remove the malware for a little while, wait for Google to verify that their sites are clean, and then start serving the malware again. Google is now planning to show users who visit these sites a new warning.
“As a result of this gap in user protection, we have adjusted our policies to reduce risks borne by end-users. Starting today, Safe Browsing will begin to classify these types of sites as ‘Repeat Offenders.’ With regards to Safe Browsing-related policies, Repeat Offenders are websites that repeatedly switch between compliant and policy-violating behavior for the purpose of having a successful review and having warnings removed. Please note that websites that are hacked will not be classified as Repeat Offenders; only sites that purposefully post harmful content will be subject to the policy,” Google’s Brooke Heinichen said.
The change in policy is part of a larger effort by Google to give users as much information as possible about the sites they visit. Many attackers will set up their own sites to serve malware as part of phishing or other campaigns, and others will compromise legitimate sites and push users to them for drive-by downloads. Google is trying to make it more difficult for these adversaries to run these campaigns.
“Once Safe Browsing has determined that a site is a Repeat Offender, the webmaster will be unable to request additional reviews via the Search Console for 30 days, and warnings will continue to show to users,” Heinichen said.