Google malware warnings
Google is fairly aggressive about checking for malware on Web sites. When they find a site distributing malware, they make a note of the details and try to warn visitors.
Here are some symptoms of this:
- When an infected site is listed in Google search results, the result says “This site may harm your computer” directly under the result’s link.
- If someone clicks an infected site’s link in the Google search results, they’re taken to a warning page at Google that says “Warning – visiting this web site may harm your computer!”
- If someone using the Chrome browser types the address into the address bar (or uses a bookmark), Chrome will display a warning that says “The Website Ahead Contains Malware! Google Chrome has blocked access to [the site] for now.”
Often, the problem is with the site itself. Malware can be inserted into a Web site by “hackers” who gain access to the site’s files. But it’s also possible for a Web site to be flagged as distributing malware when it hasn’t been hacked directly and instead includes content from third-party sites that have been infected. For example, if you have a Web site that includes banner advertising from an external ad network, and just one of the ads served up by the ad network contains malware, then your Web site (which shows the advertising) can be flagged as distributing malware — even though it is “two sources removed” from the actual infection. Google provides more detail about this, and you can also see reports of it happening to advertising networks.
If you see a malware warning for your Web site and try to get more information about it by clicking “Details about problems on this website” in Chrome, it may tell you the site itself has a problem. That’s something that needs to be fixed directly on the site.
But if it says “suspicious content was never found on this site”, that it “did not appear to function as an intermediary for the infection of any sites”, and “this site has not hosted malicious software”, it’s likely to be from an external source that you’re “embedding” in your site somehow.
So if your Web site has been flagged as hosting malware but you can’t find it on your site, check with any third-party sites that your site uses. This could be advertising networks, or other services that provide scripts that get loaded by your site (for example: embedded weather forecasts).