Google is to take action against websites that are repeatedly used to serve malware, unwanted software, or are used to phish for information. Once a website has been identified as a repeat offender, visitors to the website that use the Chrome browser will be served a warning alerting them that the site is being used to distribute malware.
Site owners will be given the opportunity to clean their sites and have the warning removed, but the warning message will not be removed for 30 days. There will be no exceptions. Once branded as a repeat offender, webmasters will be required to wait 30 days before the warning will be removed. Google will notify site owners by email if their sites have been deemed to be repeat offenders.
Webmasters will be able to submit a request to Google to have the warning removed as soon as the site has been cleaned and is no longer in breach of Google’s malware, Unwanted Software, Phishing, and Social Engineering policies, but the warning message will not be removed until the 30-day time limit has elapsed. Even after that time frame has passed, site owners may face further delays while waiting for their sites to be reviewed by Google.
The decision was made to prevent webmasters from gaming the system. Google has had a policy in place since 2005 which resulted in automatic messages being generated and sent to webmasters when sites were found to be harmful. However, Google’s previous policies allowed webmasters to request a review of their sites immediately. Some webmasters would remove the malware from the site just long enough for Google to conduct the review and certify the site as safe, whereupon the webmasters would then start distributing malware again.
According to a recent Google blog post, “With regards to Safe Browsing-related policies, repeat offenders are Web sites that repeatedly switch between compliant and policy-violating behavior for the purpose of having a successful review and having warnings removed.”
It is hoped that by implementing these policies it will be harder for malicious actors to game its Safe Browsing System.
The new policies, which have been introduced with immediate effect, are only intended to punish websites that are repeat offenders and are being deliberately used to serve malware. The new policies will not apply to websites that have been hacked and loaded with malware.