Microsoft's Live launches malware detection service for webmasters

Microsoft's Live launches malware detection service for webmasters

Summary: Playing catch-up with Google's Safe Browsing diagnostic, Google's warnings for potentially hackable sites, and Yahoo's SearchScan introduced through their partnership with McAfee, Microsoft's Live Search has updated their Webmaster tools to offer detection for embedded malware. Moreover, as a late entrant they simply had to differentiate, and they did it in the form of providing outbound links check for whether or not the ongoing links have also been embedded with malware.

SHARE:
TOPICS: Security
4

MicrosoftÂ’s Live launches malware detection servicePlaying catch-up with Google's Safe Browsing diagnostic, Google's warnings for potentially hackable sites, and Yahoo's SearchScan introduced through their partnership with McAfee, Microsoft's Live Search has updated their Webmaster tools to offer detection for embedded malware. Moreover, as a late entrant they simply had to differentiate, and they did it in the form of providing outbound links check for whether or not the ongoing links have also been embedded with malware. What is the feature capable of anyway?

"As a site owner, having malware on your site, or even just linking to other sites whose pages contain malware, can harm your customers. At a minimum, this may prevent your customers from being able to access the content on your site from search results pages. With the updated Crawl Issues tool in Webmaster Center, you will be able to :

- Determine whether any malware has been detected on any of your webpages - Download offline-accessible reports detailing which webpages on your website are affected by the detected malware - Determine whether any malware has been detected on any of your outbound links - Download offline-accessible reports detailing which webpages on your website contain links to external pages containing detected malware"

Let's take the feature for a ride. Live Search's Webmaster tool correctly identified that Dental Clinic - India - Gurgaon - Allahabad has been embedded with malware (sahajdental .com/dentist.htm) where once deobfuscated the javascript obfuscation attempts to load sahajdental.com/a37f88e1b18c1a96 .axa3.cn and adwords.google.com.upload.main.update .kliauj.cn, where despite that the main indexes are returning "Account suspended" notices, the malware campaigns within the sites are still active. Google's Safe Browsing diagnostic and Yahoo's SearchScan didn't picked it up, which is a "good" sign in the sense that competition between these free services ultimately serves the webmaster and the average Internet user.

MicrosoftÂ’s Live launches malware detection serviceAnd while the tool delivers what it promises, one question remains unanswered. When are they going to integrate the feature within Live Search, considering that users of Microsoft's search engine have always been exposed to malicious sites served through black hat search engine optimization? Hopefully soon, as pitching it as a service for webmasters naively assumes that a huge percentage of them are going to take care of the security of their own sites. Factual evidence in the form of the millions of SQL injected sites during the outbreaks from the last couple of months proved that the self-auditing mentality has a long way to go. In its current form, the service is handy, and in combination with other freely available tools for webmasters keeping an eye on their sites, it's prone to make an impact.

However, Microsoft's web properties remain heavily abused by malicious attackers directly breaking Microsoft's CAPTCHA -- again again and again -- or outsourcing the bogus account registration process so efficiently that hundreds of thousands of bogus Live spaces act as infection vectors and redirectors to malware serving sites. The most recent example was the systematic syndication of popular Google Trends keywords, where the syndicated keywords (download a complete list of the Windows Live Spaces participating) were automatically appearing at Windows Live Spaces and redirecting to fake codecs (Zlob malware variants).

In short - the best benchmark for its actual applicability on a large scale would be its integrating within Live Search, next to running it internally across all of Microsoft's web properties, Live Spaces in particular.

Topic: Security

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

4 comments
Log in or register to join the discussion
  • External fixes for an internal problem

    Use computers with real and secure OS in them and MS' so
    called services won't be needed.

    People must have a huge amount of patience or possibly
    don't know any better.
    Mikael_z
    • Unfortunately...

      It isn't a perfect world though now is it?

      I bet you wish everyone could be just like you.

      ugh
      Arphenion
  • RE: Microsoft's Live launches malware detection service for webmasters

    Hi Dancho,

    This feature is integrated with Live Search indeed.

    http://search.live.com/results.aspx?q=sahajdental.com%2Fdentist.htm&go=&form=QBRE

    Click on the first result of your search and you can see the warning.

    Thanks
    sashii
  • RE: Microsoft's Live launches malware detection service for webmasters

    Well done! Thank you very much for professional templates and community edition
    <a href="http://www.yuregininsesi.com">seslisohbet</a> <a href="http://www.yuregininsesi.com">seslichat</a>
    birumut