Got malware? Google will help you find it.

A while ago I did a post about a site that was getting the malware interstitial on Google. They said “We don’t have any bad software on our domain” and I was all, like, “Psst, buddy, check out these urls.” But that’s not really a scalable approach. 🙂

Now the webmaster console team has added a “please show me some urls that Google thinks are bad” feature. Much more scalable, and it should be a big help to webmasters that might have gotten a few pages hacked. I’ve updated my original post and said:

Looks like the webmaster console team has now added example urls for sites that we think are hosting malware. This is a great step to give webmasters more tools to self-diagnose any malware-related issues with their site. As always, thanks to the folks who added this feature.

Not much more to say about it. If you do see that malware interstitial page for one of your sites, hit Webmaster Central to get more info. Barry’s got a bit more detail up about it over here as well.

38 Responses to Got malware? Google will help you find it. (Leave a comment)

  1. In the same way as “Got malware?”, I wish the webmaster console team to add something like:

    “Psst, buddy, check out these urls. You have some duplicates on your site” 😉

    That will be very helpful and for sure much appreciated.

  2. Hello Matt, I wanted to say thank you for mentioning my website, and this post is timely because I am currently writing my description of the guideline “Don’t create pages that install viruses, trojans, or other badware.”

    The webmaster central team has been putting up so many new features that I can hardly keep up! (I am often not online for a week or two at a time.)

    It is really nice that so much is being done so fast, my compliments to them and their efforts. I know that I appreciate what they are doing and I have an inkling that others do too.
    I also like the newer, more informative posts I have been seeing on the official blogs.

    Great stuff.

  3. Just in time too. My site was caught with the Malware warning and I remembered your previous post, rushed to the console and there was the report.

    Great to see the console reporting the bad urls, it would have taken me ages to find the problem. One request….any chance that an alert from the console could be sent to the account owner? It was only by chance I was checking keywords when I seen the warning.

  4. Ah…I just there are email alerts. Sorry Matt but mines didnt arrive 🙁

  5. feedthebot, I’m trying to think of the right way to point out that there’s a group of folks who produce these lists of malware-bearing urls, and they deserve a lot of credit too. If I come up with the right way to phrase it, I’ll update the post.

  6. It is very helpful for the site owner whose site is hacked or put in a malware.

  7. Hey Matt,

    It’s great to see more features for the Webmaster Tools, which have proven to be a terrific feature. I have a question about it that I was wondering if you could answer.

    Webmaster Tools is reporting hundreds of File Not Found errors on a site that I help manage. However, they are all pages that the Googlebot should never try to spider because they don’t exist. I’ve used two spidering programs to try to locate the referring URLs to these “pages” that Webmaster Tools is reporting but neither of them have attempted to spider them. Also, they’re not listed in the “Internal Links” or “External Links” section of Webmaster Tools or in the “site:” command on Google.

    Do you know if there is any way I can track down the links that refer to these alleged pages? If not, do you know if there are any plans to include an option to display referring links in the Web Crawl Errors section? Thanks for your help.

  8. Auto Parts for Brains

    I have been visiting the webmaster central for quite some time now and honestly, I saw no reason to go deeper than to register for my site. That was before.

    The recent updates done by Google on the site, (not to mention the cool tools they are putting up every now and then) totally got me hooked. It is great to know that Big G has thought of the billions of websites being spawned out there and how to help webmasters, new and old, on improving their sites.

    I find it funny that a lot of people are actually making sites for Google. Everything has to be G-friendly and all that. I guess it is totally a thing to ride on a giant’s shoulder.

    I appreciate the effort Google is spending in making people understand how they work and what they do. I think this is the best way to really cut the crap from the rest.

    I am looking forward to using the webmaster’s tool more.

  9. Someone decided to visciously Spam the comments section of Google’s Webmaster central blog – with THREE EXTREMELY Long nonscense text replies

    They FINALLY start taking comments – and one person decides to attempt to ruin it for everyone else 😕

  10. Ummm…SEW…you’ve been doing that here for over a year now. Did you miss the post pruning? Did you miss the occasions where you rubbed people the wrong way?

    I do have a serious side question to this: I’m all for anything that will help stop the spread of virii, malware, and other computer problems. But will there be any future efforts to target companies such as Tribal Fusion and the publisher sites that work off of these types of ad networks?

    In other words, how much further does big G intend to go with this, keeping in mind the potential for antitrust and anti-competition lawsuits?

    (Hint: the answer I would like to hear the most is “as far as we can go to help keep users’ PCs clean and devoid of all types of malware.” 😉 )

  11. Matt

    These DCs haven’t updated their PageRank for sometime. Comments?


  12. Yes there is a very weird comment in the google blog.
    I think it’s a very good idea because when I use internet from work it’s a lot better to know if a website is dangerous or no.
    I think to another thing to increase the security on google.

    I see a lot of person write on google the word paypal and go throught a clic in the first result.
    As you know adwords doesn’t validate adds so maybe some crooks could make a false paypal website (or another bank website) and put an adwords for this. So the person who writes ‘paypal’ on google instead of write it on the url adress could be trapped.

  13. Thanks for the info Matt, this is very usefull… just to follow on from what Harith said in the first post… that would be really helpfull, the supp index issue is drving most of us mad.

  14. “we’ve also begun sending email notifications to some of the webmasters of sites that we flag for badware”
    Why not show it in Webmaster Tools account?
    Every people will added a webmaster and admin accounts email and this is very good for the email spammers, this account will be full of spam¡¡

  15. So if I can’t find anything like this in webmaster tools then the site doesnt have malware? I was hoping it would spell it out for me like “Your site does not contain any harmful urls”. Great feature though, above and beyond what I believe is Goolge’s responsibility. Keep it up.

  16. While I’m glad Google is being pro-active I kind of like the idea of spyware peddling web masters NOT knowing when they’ve been tagged. This way, they’re just given notice that Google is on to them and then they can change their tactics (yet again). Of course there are innocent errors and this way probably ends up erring on the side of forgiveness.

    Are any larger scale punishments being considered for persistent flouters of the no malware policy? I’m not sure what else Google can be called upon to do, I suppose unearth the old conspiracy theory that they have everyone’s WHOIS information and ban ALL of the spyware enthusiast’s domains from Google. Alas, Google is not the police of the internet. I guess to extend that metaphor, more like the HuggyBear.

  17. I received my email notification this morning from the Google Search Quality Team. 🙂

  18. Hey Matt,

    Great update. I cant beleive how quickly the webmaster team have gotten some of these updates and upgrades out. I can only imagine what we will have in place 12 months down the track. It can be a bit of a lonely practice being a webmaster but some of those tools make it a bit easy

    cheers mate 🙂

  19. Yes, Matt! When can we see all DC updated ? Also, the page rank toolbar is on and off. (sometimes showing page rank sometimes it did not for certain sites, e.g.: this blog)

  20. how about spam warning?
    i.e – your server is a spammer… or your domain is a spammer…. (e-mail spam that is)

    The reason I suggest this is it is possible a site is compromised and the owners not know it or have the skill to fix it.

  21. hi Matt,

    i want to ask a question … Do really google visit the log file on the website ?

    because i remember that i saw a web Application that boost the required domain (For Example ) in alot of webservers log.

    and they mentioned that this will Boost the Website Rank

    Can you check in this!! just trying to help

  22. Be-Genius,

    If Google values the results of someone using such an application at all, it will be to penalize the user.

    Don’t spam people’s weblogs with your URL using such an application, it’s impolite at best.

  23. Dear Thomas,

    i’m not spamming the Blog if the rule can allow me to post the link on where i saw it i’ll tell write it but i don’t think so

    anyway have a great day

  24. Matt, I just watched a 45 clip of you at SES london. Just wanted to say that I learned so much from that session! Thanks for sharing!

  25. Hi Matt,

    Great Update!!

    Can you give a detailed post on this ?

  26. Thanks for writing about it. Malware is indeed a big problem and I am happy that Google has entered this field is going to something substantial.

  27. Be-Genius,

    When I said weblog, I meant web log, as in the log files of their web site, not “blog”, although I can see how you could confuse that.


  28. Seems like a good new service, well done to the webmaster console team!

  29. Hi Matt,

    I posted this on SearchEngine Watch forum looking for some answers Please read this and let us know how we can solve this issue…

    URL Hijacking:
    I noticed strange beaviour this morning on my client’s website, we optimized the site and Google had indexed around 6000+ pages and was doing excellent on organic search results, however we found that our client sites URL was hijacked and it started showing some porn sites url and after investigating I found this redirection mechanism built into those pages if anybody has come across this pls pls drop ur thoughts on how to get rid of URL hijacking and stop this menance …

    It loads a page not sure how that page got onto our client’s domain and that page builds a URL through javascript and does an redirectionand the code I decoded is below:

    location=(“”+encodeURIComponent(document.referrer)+ “¶meter=$keyword&se=$se&ur=1&HTTP_REFERER=”+encodeURIComponent(document.URL)+”&default_keyword=lesbians”);

    So it takes the HTTP REFERER and the redirects the traffic to this site and which in turn redirects to some porn sites …

    Is Google aware of this?? Is google gonna drop my clients search results?? What is going to happen with my client’s reputation?? anybody here can throw in some light here ….


  30. Hi Matt,

    I you have a great site!

    I have a very critical issue that I need your help with. Google has inaccurately listed our website as having a computer virus or some malware. In fact when you Google our site the following error shows up.

    Warning – visiting this web site may harm your computer!

    This information is completely inaccurate and is hurting my business each hour that this message is posted. How do I get it resolved. No error messages show up on Yahoo! or any of the other search engines. Also I even went to http://www.stopbadware,org to get the issue resolved. When I ran a report on this site, my website was shown to be absolutely clean.

    What can I do????
    Please help!

  31. i reached here searching for sites discussing google’s malware blocking policy. Google does blog few legit site. it did not allow me to click on the search result and reach the site. i had to copy paste the url 🙂

  32. I have reported to googlehelp that my site has no content malware while in the search results shown it has, but their reply me with robotize mail…

  33. I read that it take a while to get rid of that warning. After you submit your site for review to StopBadware, an automated email says it will reply within 10 business days. The reason this person was blacklisted was because someone had used a JavaScript snippet to be added to some html files in one specific directory on a sub-domain and not the main website.It was a link that attempted to redirect the user to another machine, whose link no longer worked. Hope that helps.

  34. I think it’s a very good idea because when I use internet from work it’s a lot better to know if a website is dangerous or no.
    I think to another thing to increase the security on google.

  35. I have to say that it’s just a caution to users.

    Even though it’s not 100% accurate, it still makes people even less likely to visit the particular site.

    Anyway, this is the reply from Google:
    Our guidelines are that it’s safer to err on the side of caution with malware. Reincluding a site when we are not entirely confident the site is clean could hurt our users. Also, it takes quite a long time to do a malware reinclusion because checking a site for malware tends to be fairly difficult.

  36. I think the Email notifications are particularly helpful. thanks Matt for telling us.

  37. This kind of stuff really helps improve google’s brand image.. The effectiveness of it is still in question though.

  38. By searching, I found this article. It looks essential to me. Thank you!