1. If Google detects something as malware, i.e. google software knows that it can be dangerous to users, then why it cannot prevent itself from acting as intermediary? Also, why it does not stop hosting malware?
2. >>> Malicious software is hosted on 279 domain(s), including 24corp-shop.com/, abu-farhan.com/, soaksoak.ru/.
These web domains do not belong to Google. It seems google is downloading several pages onto its server for various purposes. Is it legal in all countries?
From the architecture point of view, is it difficult to sandbox/protect user facing google.com search engine from the above websites all the time so that if malware is there, do not let it effect search engine or other major parts. Users are not security-literate.
3. What should I do as user? Just ignore this assuming that this is for webmasters and not for ordinary users?
Honestly, for me personally, malware on google is unimaginable, since we consider it as gold standard on the web.
From talking with webmasters, I have seen almost no false-positives in this flagging, but it's sometimes very hard to find the actual exploit. It sometimes hides from some visitors (direct visitors - like the webmaster - might not see it, it might only be visible for those coming from search), sometimes is limited to geographies or devices. This makes finding the exploit hard sometimes, and fixing the website so that it's no longer vulnerable to the attack that dropped the exploit isn't easy in many cases either.
I take these warnings very seriously when I see them in the browser, even when accessing a site with a fairly locked-down & up-to-date browser. I would recommend never skipping them, even to diagnose an issue (use other tools for that).
Keep in mind that this is not reporting malware is currently present, it is reporting that at the last time it checked it found malware, which may have been taken down since then. It doesn't tell you anything about how long it stayed up.
> These web domains do not belong to Google. It seems google is downloading several pages onto its server for various purposes.
I have no specific knowledge of this, but my guess would be that these are just the targets of links.
That's a small sample.
What is the current listing status for google.com?
This site is not currently listed as suspicious.
Part of this site was listed for suspicious activity 12 time(s) over the past 90 days.
What happened when Google visited this site?
Of the 6815255 pages we tested on the site over the past 90 days, 1686 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2015-01-22, and the last time suspicious content was found on this site was on 2015-01-22.
Malicious software includes 139894 exploit(s), 2748 trojan(s), 502 virus. Successful infection resulted in an average of 5 new process(es) on the target machine.
Malicious software is hosted on 275 domain(s), including 24corp-shop.com/, abu-farhan.com/, soaksoak.ru/.
296 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including southeastasianarchaeology.com/, thesmallbusinessplaybook.com/, impots-economie.com/.
This site was hosted on 3 network(s) including AS36040 (YOUTUBE), AS43515 (YOUTUBE), AS15169 (GOOGLE).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, google.com appeared to function as an intermediary for the infection of 528 site(s) including s3.amazonaws.com/lowlordyok/, s3.amazonaws.com/fann21ahsdc/, s3.amazonaws.com/skcfb01kpl/.
Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It infected 22 domain(s), including burguscircus.free.fr/, plus.google.com/112502198606472559837/, beljews.info/.
Next steps:
Return to the previous page. If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
This its likely the result of user generated content running on a google.com subdomain.
Safe Browsing Diagnostic page for google.com
What is the current listing status for google.com?
This site is not currently listed as suspicious.
Part of this site was listed for suspicious activity 12 time(s) over the
past 90 days.
What happened when Google visited this site?
Of the 6815255 pages we tested on the site over the past 90 days, 1686
page(s) resulted in malicious software being downloaded and installed
without user consent. The last time Google visited this site was on
2015-01-22, and the last time suspicious content was found on this site was
on 2015-01-22.
Malicious software includes 139894 exploit(s), 2748 trojan(s), 502 virus.
Successful infection resulted in an average of 5 new process(es) on the
target machine.
Malicious software is hosted on 275 domain(s), including 24corp-shop.com/,
abu-farhan.com/, soaksoak.ru/.
296 domain(s) appear to be functioning as intermediaries for distributing
malware to visitors of this site, including southeastasianarchaeology.com/,
thesmallbusinessplaybook.com/, impots-economie.com/.
This site was hosted on 3 network(s) including AS36040 (YOUTUBE), AS43515
(YOUTUBE), AS15169 (GOOGLE).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, google.com appeared to function as an intermediary
for the infection of 528 site(s) including s3.amazonaws.com/lowlordyok/,
s3.amazonaws.com/fann21ahsdc/, s3.amazonaws.com/skcfb01kpl/.
Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It
infected 22 domain(s), including burguscircus.free.fr/,
plus.google.com/112502198606472559837/, beljews.info/.
Next steps:
Return to the previous page.
If you are the owner of this web site, you can request a review of your
site using Google Webmaster Tools. More information about the review
process is available in Google's Webmaster Help Center.I had to frequently whitelist pages when using Websense and our ASA.
Could someone tell me more about those network codes ?
Where do they come from ? Specifics to Google or following some standard ?
http://www.cidr-report.org/cgi-bin/as-report?as=AS15169&view...
Complexities aside - this is how your Internet works.
http://en.wikipedia.org/wiki/Autonomous_System_(Internet)
Basically if you get IPs from ARIN or another RIR:
http://en.wikipedia.org/wiki/Regional_Internet_registry
You get a name on your block.
Someone briefly had a pointer to http://www.google.com/safebrowsing/diagnostic?site=code.goog..., which includes:
> Malicious software is hosted on 23 domain(s), including sms-bomber.googlecode.com/, gdata-issues.googlecode.com/, infojob.googlecode.com/.
sites.google.com wiki.google.com apps.google.com
This probably scanned Google's old Sites product; the equivalent of Geocities for the early '00's.
It might very well be that the malware scanner picked up a link to such a "redirector" which leads to malware and then took the TLD google.com for malicious.
Another reason why one should never ever host user-generated files (or links/redirects) on the primary domain. Github did this with github.io for the same reason.
"Of the 10 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent."
What about bundleware fail?
http://httpshaming.tumblr.com/post/95068402386/filezilla-sou...
[1] http://www.google.com/safebrowsing/diagnostic?site=duckduckg...
Hence, my confusion. Yes, part of me was just trying to be humorously sarcastic. But part of me really enjoys some of the innovative ways that Google leverages data. And yet, another part of my thinks that they have stepped over important privacy and security lines in other areas. Hence, I prefer DDG for the vast majority of my search needs.
http://www.google.com/safebrowsing/diagnostic?site=bing.com
"This site was hosted on 25 networks" vs. 3, 1 virus vs. 503.
Makes you wonder how come M$ doesn't make their site more compatible? As a multi-billion dollar company, they should have higher standards and meet the W3 standards.