Tuesday, August 27, 2013

Fun with Google Safe Browsing

You probably have encountered it, you want to go to a website and you get a red page to say that something is wrong with the site and malware has been found on it.

Google Safe Browsing is part of your standard Mozilla Firefox and Google Chrome browser. Google isn't the only one playing this game. Microsoft has its SmartScreen filter and most major AV-solutions have something similar.

This is all fun but what if you are interested as a website owner if you have been flagged? Well actually you can get this report. If you surf to http://www.google.com/safebrowsing/diagnostic?site= you get a nice overview of what was detected for that website.

An example:
http://www.google.com/safebrowsing/diagnostic?site=google.com

It tells me that for the domain google.com in the last 90 days 903341 pages got tested:

  • 484 drive-by-downloads
  • 252 trojans
  • 103 exploits
  • 46 scripting exploits
So as you see this has some value in risk management. Personally I use this technique for information gathering when doing incident handling. You can use it in a risk management to monitor your own website and those of who you do business with in a rather cheap way.

Another cool little trick is that you can get more information on an Autonomous System (AS). 

If you are the owner of the AS, like my current employer is the owner of the Belnet AS with the number 2611, Google has a nice little tool to generate alerts for your incident handlers

Some of us don't own AS systems. Thus I want to share with you one last toy for website owners. Enter "Fetch Like Google.  "Fetch like Google" allows you to fetch up to 500 URLs a week for the sites you own and can be very handy to figure out if the Googlebot still sees your website as infected.

Some people have trouble with https but I haven't had that experience personally. I found on this video on youtube which Google's answer to people having trouble. Basically it works for Google too.

No comments: