Google has promised that it will take action against websites that are used repeatedly to serve malware, unwanted software, or are used to ‘phishing’ attacks. As soon as a website has been confirmed as a repeat offender, the Google Chrome browser will automatically issue an alert to visitors, warning them that the site is known to be used to distribute malware.
The owners of the websites concerned will be given an opportunity to clean their sites so as to have the warning removed, however as soon as a site has been branded as a repeat offender the warning message will remain in place for at least an initial 30 days after its activation. Google will not deviate from this rule. Google will inform site owners via email if their sites have been declared as repeat offenders.
It will be possible for webmasters to submit a request to Google to remove the warning as soon as they have acted to clean the site and it no longer breaches Google’s malware, Unwanted Software, Phishing, and Social Engineering policies, however the warning notice will remain for the full 30-day time limit. Even after the 30 days have elapsed, the site owners could face further delays while waiting for their sites to be verified by Google experts.
The new policy was adopted to prevent webmasters from cheating the system. This is not the first time that Google has attempted to deal with these problems and it has had a system in place since 2005, which provided for automatic messages to be generated and sent to webmasters when it was discovered that sites were harmful. Contrary to the new system however, Google’s former policies permitted webmasters to ask for a review of their sites immediately. Some webmasters had become practiced in removing the malware from the site while Google conducted the review and certified the site as safe, only to start distributing malware again almost immediately.
In a recent Google blog post, it was stated that repeat offenders are those Web sites which repeatedly switch between compliant and policy-violating behaviour in order to gain a successful review and therefore have warnings removed.
Google is hopeful that the introduction of these policies will make it harder for malicious actors to cheat its Safe Browsing System.
Google’s new policies, which have recently been put into effect, are only intended to punish websites that have repeatedly breached the rules and are being deliberately used to serve malware. The new policies do not apply to those websites that have been hacked by third parties and maliciously loaded with malware.
