[q2]

Few honest questions:

1. If Google detects something as malware, i.e. google software knows that it can be dangerous to users, then why it cannot prevent itself from acting as intermediary? Also, why it does not stop hosting malware?

2. >>> Malicious software is hosted on 279 domain(s), including 24corp-shop.com/, abu-farhan.com/, soaksoak.ru/.

These web domains do not belong to Google. It seems google is downloading several pages onto its server for various purposes. Is it legal in all countries?

From the architecture point of view, is it difficult to sandbox/protect user facing google.com search engine from the above websites all the time so that if malware is there, do not let it effect search engine or other major parts. Users are not security-literate.

3. What should I do as user? Just ignore this assuming that this is for webmasters and not for ordinary users?

Honestly, for me personally, malware on google is unimaginable, since we consider it as gold standard on the web.

[johnmu]

It's important for us (I work at Google on web-search) to be transparent about these reports, and we use them to remove / block content that is malicious too (just like other sites can use the Safe-Browsing API to get information about sites they host). With regards to where it's hosted, there are two main elements involved: a site that actually hosts the exploit (which could be a Windows EXE file, etc), and a site that sends the user to that exploit. Often these are separate. Sometimes it's not even a direct embedding of a known malicious site, for example, it could be that a counter/analytics-tracking site is hacked, which could result in all other sites that use those counters/scripts unknowningly sending users to malicious content.

From talking with webmasters, I have seen almost no false-positives in this flagging, but it's sometimes very hard to find the actual exploit. It sometimes hides from some visitors (direct visitors - like the webmaster - might not see it, it might only be visible for those coming from search), sometimes is limited to geographies or devices. This makes finding the exploit hard sometimes, and fixing the website so that it's no longer vulnerable to the attack that dropped the exploit isn't easy in many cases either.

I take these warnings very seriously when I see them in the browser, even when accessing a site with a fairly locked-down & up-to-date browser. I would recommend never skipping them, even to diagnose an issue (use other tools for that).

[artenix]

Hi there! Why so many security reports on blogspot? http://www.google.com/safebrowsing/diagnostic?site=blogspot....

[bla2]

My theory: People search for stuff on Google. The search results page has a result with a download from abu-farhan.com. People click that link on the search results page, the download starts. Now google.com has "hosted" a malware download.

[asuffield]

> Also, why it does not stop hosting malware?

Keep in mind that this is not reporting malware is currently present, it is reporting that at the last time it checked it found malware, which may have been taken down since then. It doesn't tell you anything about how long it stayed up.

> These web domains do not belong to Google. It seems google is downloading several pages onto its server for various purposes.

I have no specific knowledge of this, but my guess would be that these are just the targets of links.