Google Safe Browsing extends alerts service to malware distribution domains
Google's service allows AS owners to differentiate between compromised websites and malware distribution domains
By Lucian Constantin | Published: 15:00, 05 December 2011
Google has extended its Safe Browsing alerts for network administrators to include domains that host malware or exploits in addition to compromised websites and phishing pages.
Google Safe Browsing is a service that aggregates information about malicious URLs from various sources, including a fleet of specialised content-crawling robots operated by the Internet search giant.
Google originally designed this service to alert its search engine users about results that could lead to potentially harmful websites. However, since the Safe Browsing API (application programming interface) is open source, the collected data is also leveraged by other software projects, including Mozilla Firefox and Google Chrome, to block malicious URLs.
Related Articles on Techworld
Website owners can use Google's Webmaster Tools to check if their website is added to the Safe Browsing blacklists and even receive samples of the malicious content detected by the company's crawlers.
In September 2010, Google extended the Safe Browsing alerting service to network administrators, arguing that while network administrators don't necessarily own all of the websites hosted on their networks, they are interested in keeping their IP spaces clean of malicious activity.
The service began notifying registered Autonomous Systems (AS) owners via email and later Google added phishing URLs and the ability to receive information in XML format to the feature list.
The new change announced by Google on Thursday allows network admins to differentiate between websites that had malicious code injected into their pages and those that are actually used to host malware or exploits.
"Unlike compromised sites, which are often run by innocent webmasters, distribution domains are set up with the primary purpose of serving malicious content," Nav Jagpal, a member of Google's security team, explained in a blog post.
The ability to differentiate between different types of malicious URLs helps network administrators to determine quicker what is the best course of action; whether they should contact the website owner and ask them to clean their site or suspend the website immediately.
Network admins who want to receive such alerts need to register as AS owners through a special form on the Google Safe Browsing website.