As if SEOs don’t have enough things to worry about already, add malware to the list. Why does malware matter to SEOs? If the site you are working on gets infected, its search traffic will plummet. Search engines attempt to remove infected pages from their search results, or they label them with an ominous warning, such as This site may damage your computer.

Back in 2008 Google reported that malware infected pages had increased to more than 1% of all search results. Google posted a malware statistics update last week. Malware infections have more than doubled since April 2009. Search results containing a url labeled as harmful have remained level in the range of 0.5% to 0.9%, an improvement. While the web as a whole has become more dangerous, Google’s been doing an even better job clearing their search results.

I know one reason why there’s been a dramatic rise in malware on the Web since April. A nasty malware attack has been targeting web developers to steal their passwords. Stolen passwords are used by the bad guys to automatically deploy iframe injection attacks to innocent web page.

If you access web sites via File Transfer Protocol (FTP) or Secure File Transfer Protocol (SFTP), this attack is targeting you. All you need to do is browse an infected page using an insecure browser. Badware will be deployed to your machine, and it will find the files used by FileZilla, or possibly other FTP programs to store passwords, and silently send those files back to a server in China. Then an automated bot attack will use FTP to edit your web pages, infecting them with malware. Then your sites will drop out of the search results. Can you image the uncomfortable conversations when all your sites get hacked at once and you have to admit responsibility?

What can be done to reduce this risk of search Armageddon?

1. Use a more secure browser such as Chrome or Firefox with the NoScript add on for routine browsing.
2. Don’t use any FTP program that stores passwords locally in plaintext, such as FileZilla. To date, Dreamweaver has not been reported to have been compromised. Dreamweaver encrypts passwords and stores them in the Windows registry.
3. Consider using a Mac or Linux instead of Windows. As the most popular operating system, Windows is the most popular target for attacks.
4. Make sure your machine and server are fully updated and patched. Turn off unnecessary services and software to reduce the attack surface.
5. Register your site with Google Webmaster Tools and Bing Webmaster Center. Check regularly to see if there are any malware reports (or other issues) with your sites.
6. If you suspect a malware infection, check Unmask Parasites,
7. View your site’s reputation at McAfee SiteAdvisor.
8. Reduce the number of people and computers that have access to your web server.
9. Keep a backup copy of your web pages. In case of infection, it’s a race to see if you can fix the site before search engines (and users) discover the problem and dump you.
10. Choose the hosting provider that has the quickest response time, not the cheapest price. If your site gets hacked, you may need their help to change all the passwords.

As the web becomes more dangerous, customers become more suspicious, reducing opportunities for everyone. Please do your part to make the web safer, and to reduce your risks.

We often don’t think about the core file system and servers that power Google’s properties, from Search and Gmail to YouTube and Wave, but Google does. The Register reports that after ten years with the original Google File System, GFS for short, Google is working on a version two to replace it. The Google File System is different from the underlining Caffeine infrastructure update, as I understand it, Caffeine runs on top of the Google File System, like you run Microsoft Word on Windows.

The original GFS wasn’t built to handle applications such as Gmail or YouTube, but that is exactly what it has been powering for the past couple years. It was originally designed to be the platform to power search queries and is now being asked to do a lot more. Version two, will take this into account. The release date is unknown, but The Register goes through all the technical details that would make any system administrator raise their eye brows. Personally, I don’t fully grasp these details, but conceptually, it make sense.

Here’s a new one on me. I just got an email telling me that I’ve won nearly $1 million from a “drawing” randomly selected from those searching on Google. Suffice to say, it’s a scam. I can assure you that Google’s done no drawing like this. Add the spam to those about missing fortunes in Nigeria or government grants.

I did some looking around, and the Google scam seems relatively recent. Apparently there was a Google “anniversary” scam in April 2008. For this latest “give-away” one, I spotted talk of it from April of this year. But since this particular spam made it past the filters in Gmail (but not past Outlooks spam filtering), perhaps more people will be exposed to it.

For the curious, the pitch:

GOOGLE GIVE-AWAY WINNING NOTIFICATION!!! This E-mail is to inform you that your e-mail emerged as a winner of £500,000.00 GBP (Five Hundred Thousand British Pounds) in our online Give-away draws. Over £20,000,000.00 (Twenty Million British pounds) is to be given out for this Draws. No purchases of  tickets were required. Participants for the draws were randomly selected from a world wide range of web searchers who use the Google search engine (Googler) and other Google ancillary services. Google is now the biggest search engine worldwide and in an effort to make sure that it remains the most widely used search engine, Google is running an e-mail beta test.

Your email address was linked with our Computer Generated Profile Numbers(CGPN) and attached to the following details:  Computer Generated Profile Numbers (CGPN):7-22-71-00-66-12, Ticket number: 00869575733664, Serial numbers:/BTD/8070447706/06, Lucky numbers:  12-12-23-35-40-41(12), was picked among our lucky winners to receive £500, 000.00 British pounds. Winners were selected randomly through a computer ballot system from worldwide users of the Google search engine.

YOUR WINNING DETAILS ARE AS FOLLOW: Computer Generated Profile Numbers (CGPN):7-22-71-00-66-12 Ticket number: 00869575733664 Serial numbers: / BTD/8070447706/06 Lucky numbers: 12-12-23-35-40-41(12)

To claim your give-away prize, send the following. Your full names…………….. , sex………………………….,Location……………………….Alternate e-mail address………………Your winning details……………..

Somewhere online right now there’s a music fan who’s big on free downloads, likes Coldplay’s “Viva La Vida” but doesn’t know the lyrics, is looking for free ringtones, uses MySpace, likes to play solitaire and wants the latest game cheats. Like many of us, s/he uses a search engine to find all of these things.

This person may as well be playing Russian roulette.

In a recent report (PDF), online security company McAfee says those are some of the most dangerous search terms on the web.

That’s just a sample of the report’s list of the 50 riskiest search terms in the U.S. “Maximum Risk” describes the percentage of pages on a single search results page that were dangerous; i.e., on a search for “lyrics,” there was one search results page on which 50% of the ranked pages were risky. “Average Risk” is the overall risk from all five pages of search results for each term.

McAfee analyzed the first five search results pages of 2,600 popular keywords across five search engines: Google, Yahoo, Live, AOL, and Ask. They analyzed both organic and paid listings and counted the number of links that led to pages that McAfee’s SiteAdvisor tool flagged as dangerous. The study ultimately reviewed more than 413,000 unique URLs.

McAfee’s study also found that certain categories of keywords were more riskier than others. Searches related to “lyrics” and “free” had both the highest average risk and highest maximum risk.

It should be no surprise that McAfee also found scammers like to look at popular trends when choosing what keywords to target. Here’s a chart showing some of the riskiest terms related to the economic crisis:

The report also has charts detailing the most dangerous search terms in other U.S categories, as well as several other countries including Canada, France, Italy, Spain, Germany, and others. Here’s the PDF download link (2.2mb) if you’re interested in more details.

To some degree, the McAfee report calls into question how well the search engines themselves do at notifying users of risky sites. Yahoo uses McAfee’s SearchScan, Ask uses Symantec, while Live Search Bing and Google have their own malware detection tools. But, on a purely anecdotal level, if you search for the terms listed in the McAfee report, Google, Yahoo, and Bing show very few warnings in the first five pages of results.

(found via Lifehacker)

TechCrunch reported that Google Morocco was taken over by hackers for several hours.

The reports say that the hackers gained access to Google’s domain name through the country’s registrar, NIC.ma. The DNS information was then changed to point to a different server until Google regained access and pointed the domain name back to the Google servers.

Google has been hacked before, including domain names taken over and blogs hacked into and seized.

Postscript: Google said this was not a “hack” of the Google web site. Right, Google technically was not hacked into, but their domain name was taken control over and redirected.

If you run a popular/successful blog, there’s a pretty good chance you’re plenty familiar with hacking and how to deal with it. But hacking comes in many forms and can hit any kind of web site that isn’t secure.

In a post today, Google’s Webmaster Central blog talks about ways to prevent hacking, including using Google search to find out if you’ve been hacked. The site: command can help identify if a hacker has added common spam content to your site when you do a search like

site:searchengineland.com viagra

Most webmasters are probably familiar with and use the site: command often. But Google also suggests something many probably aren’t doing, i.e., using Google Alerts to monitor spammy words and phrases:

“In order to constantly keep an eye on the presence of suspicious keywords on your website, you could also use Google Alerts to monitor queries like:

site:example.com viagra OR casino OR porn OR ringtones

You will receive an email alert whenever these keywords are found in the content of your site.”

Finally, Google suggests using Webmaster Tools to help prevent and identify hacking, too. The “Top Search Queries” panel may show if any pages on your site are ranking for unrelated, spammy words or phrases. And Webmaster Tools is also where you’ll want to submit a reconsideration request if you were hacked and removed from Google’s index.

Blogspot.com cited as the No. 1 host for malware from News.com reports Google’s Blogger accounts “for nearly 2 percent of all malware hosts.” Sophos, an antivirus vendor, published a report showing the state of malware injections and attacks throughout the web.

Specifically, hackers can set up “malicious blogs” on the Blogger service, plus they can inject dangerous web links and content into Blogger blogs.

The Google web search team takes malware attacks seriously. They have reviews in webmaster tools and they label malicious web sites in web search results. So isn’t it ironic that Google hosts the number one problem of malware on the Internet?

Yesterday, I said that we had reports of spam on Google Sites, as well as spam on Google Groups. But this report shows that Google’s Blogger is worse than both of those.

A Google spokesperson gave News.com a statement:

Google takes the security of our users very seriously, and we work hard to protect them from malware. Using Blogger, or any Google product, to serve or host malware is a violation of our product policies. We actively work to detect and remove sites that serve malware from our network.

A week ago Google announced the release of a safe browsing diagnostic tool. To use the tool, just append a URL to the end of http://www.google.com/safebrowsing/diagnostic?site=.

For example, to test this site, you would enter http://www.google.com/safebrowsing/diagnostic?site=http://searchengineland.com/. Google will then return four sets of security information about that page.

(1) The current listing status of a site and also information on how often a site or parts of it were listed in the past. (2) The last time Google analyzed the page, when it was last malicious, what kind of malware Google encountered and so fourth. (3) Did the site facilitated the distribution of malicious software in the past? (4) Also, has the site has hosted malicious software in the past?

Google has shown an example of a site that has malicious results. To see such results, go over here, it is safe to click the link. If you do not want to click the link, I have provided a full screen capture below.

The Zero Day blog has some additional information on this Google security release.

NOTE: If you saw a malware warning on Jan. 31, 2009, this was due to an error that briefly impacted all web sites. See Google Gets Fearful, Flags Entire Internet As Malware Briefly, for more.

Everyone is noticing that when they go to their Google Account through AdWords, AdSense, Analytics, or any Google page that requires SSL, they are being prompted with a security warning. Typically, its not a major deal, right?

Well, not if you are trying to get customers to buy on your site. As Tim Gross explains, if you are using Google Checkout on your site, this is having a major impact. Not only that, if you are using the conversion tracking scripts for AdWords and your potential buyer clicked on your ad, they may be prompted with a security warning and leave your site. There goes your sale, and you paid for that.

Here is a screen shot of the security warning on Safari. You will get a similar one on any other browser:

This happens way too often, simply because it is an easy thing to forget. Late January, Yahoo forgot to renew their SSL certificate for the publisher network.

Tim Gross’s screenshot shows a similar expiration date issue that is impacting the www.googleadservices.com URL.

Aside from that, our screenshot above shows a different error, because the certificate is for a slightly different domain than what it was issued for (see comments below for more about this; initially we wrote it was solely an expiration issue).

Postscript: Google updates us that this was an issue between 9am and 2pm (PST) time, where “some web pages containing the AdWords Conversion Tracking code snippet presented visitors with a browser message indicating a Google server certificate had expired.” Google also adds that the conversion tracking numbers may have been underreported. You may want to call your Google AdWords representative if you use conversion tracking and see if some type of discount will be applied to your account for possibly wasted clicks.

Web Browsing, Search, And Online Ads Grow More Risky, Google Says from InformationWeek reports on a recent Google Study named All Your iFRAMEs Point to Us that shows 1.3% of Google searches returned at least one malicious result.

Niels Provos, a security engineer at Google, lead the study that took 10 months of data containing billions of URLs. The data collection period was between January 2007 and October 2007. They checked 66,534,330 URLs and found that 3,385,889 URLs were “suspicious” and 3,417,590 URLs were malicious, pointing to 181,699 landing sites.

But the real impact to the end user, as described by the study, showed that a search query at Google returned “at least one malicious result, with an average approaching 1.3% of the overall incoming search queries.” Furthermore, of the top one-million URLs appearing in the search engine results, “about 6,000 belong to sites that have been verified as malicious at some point during our data collection.” Here is the kicker: “about 0.6% of the top million URLs that appeared most frequently in Google’s search results led to exposure to malicious activity at some point.”

Where does the malware originate from? Here is a chart from the study on that question:

Many of the malware stems from ads. The study showed that “on average, 2% of the landing sites were delivering malware via advertisements.” But when you look at the searchers perspective, “12% of the overall search results that returned landing pages were associated with malicious content due to unsafe Ads.”

There is some excellent data on search and malware in this Google report (PDF file).