One of the easiest ways for attackers to lure victims is by planting malware on seemingly innocent-looking Web sites, or actuallycompromising legitimate Web Sites. Google is doing its part to help users make informed decisions about the sites they visit, and avoid having their PC's infected with a new hacked site identification feature being added to Google search results.
Granted, time-tested favorites like simply e-mailing malicious file attachments are still quite effective despite years of security awareness and conditioning to train users not to open them. But, the Web is vast and anonymous--and with millions upon millions of sites to choose from it is virtually impossible for the average user to tell which are safe, and which are shady.
Traditional malware targets users by attempting to actively spread to the PC. Socially-engineered malware, however, tricks the user into initiating the request for the malware--either by visiting a Web site with an embedded malicious script, or by luring the user into actually executing the malicious file. Rogue Anti-Malware Products and the rise of rogue system maintenance and defrag tools are examples of socially-engineered attacks aimed at snaring naïve users.
With the new Google security feature, sites that are suspected to contain malware or be a part of a Phishing Attack are clearly identified, along with a link stating "This site may be compromised." Clicking on the "This site may be compromised" link directs you to the Google Help Center which explains what that means.
Posts
