Google uncovers a million malware sites

Google’s program to identify internet sites that distribute computer viruses and other “malware” has so far uncovered one million web pages that are infecting the computers of unsuspecting surfers, report Panayiotis Mavrommatis and Niels Provos of the search company’s Anti-Malware Team. Most of the sites engaging in what the researchers term “drive-by downloads” are ordinary sites whose owners “are often unaware that their web servers have been compromised.”

Based on an analysis of a sample of sites, the Google researchers estimate that one in every thousand websites may be “malicious.”

The Google researchers also looked at the sources of the malware that is being distributed through drive-by downloads. They found that four countries seem to be responsible for “the majority of malware activity”: China, the United States, Germany, and Russia.

The findings were reported today on Google’s newly launched Online Security Blog, another sign of the company’s growing concern over the threat posed by the proliferation of malware and the compromised sites that distribute it.

6 thoughts on “Google uncovers a million malware sites

  1. MarcFarley

    By trying to alleviate the risk of web browsing, Google establishes new risk for web site owners – being held hostage by hackers and possibly even Google itself when sites become identified as compromised. I wouldn’t suspect Google of foul play necessarily, but if it does become the free market justice department of the Internet, then there are some very serious questions we need to be asking about the open-ness of search.

  2. Karlheinz Mosblech

    I still wonder what it is they have found on my pages about pasta and tomato sauces (eg. – search:

    The only danger IMO is that one might spill the sauce onto one’s keyboard when eating and typing at the same time.

    This is not a commercial site (rather a public note to self) but I feel hurt nonetheless. Page hits have accordingly gone down from an daily average of 2 to zero.

  3. Nick Carr


    Have you tried to contact Google to see what caused them to label your site as potentially harmful?


  4. dubdub

    the whole domain is flagged as bad, but this doesn’t mean your particular site/subdomain is bad.

  5. Karlheinz Mosblech


    not worth the hassle.


    that’s the point: the domain has been flagged as a whole with all its subdomains, in one sweep — but in its search results Google makes statements about individual pages. Statements which are not true. I’m being inflicted with Sippenhaft.

    No, the last sentence wasn’t meant serious: I know infogami is dead and might have been corrupted, but as long as it is up and running (on reddit’s servers as I understand) it does the job for me. Or does anyone know another public wiki which understands markdown?

Comments are closed.