Google to malware sites: We'll brand you 'deceptive' for a month, no reviews allowed

Sites considered repeat malware offenders by Google won't be able to contest security warnings shown in Chrome for 30 days.
Written by Liam Tung, Contributing Writer

Repeat-offender malware sites will be stuck with a 'deceptive' warning for 30 days before Google is willing to review it.

Image: Google

Google is getting tougher on malicious websites that attempt to game its Safe Browsing review system to have security warnings removed.

The search company has introduced a new class in its Safe Browsing anti-malware system called "repeat offenders", a status reserved for sites that appear to intentionally spread malware, unwanted software, or phishing pages.

Rules for repeat offenders will halt the review process that Google normally allows under Safe Browsing for sites deemed harmful. Chrome will display a full page 'deceptive' warning for those sites. Firefox and Safari also use Safe Browsing to protect users.

A site operator can immediately ask Google to review the site and remove a warning once it's confirmed the issue has been fixed. However, repeat-offender sites will be stuck with the warning for 30 days before Google is willing to review it again.

According to Google, it's introduced the new rule because some harmful sites have been taking advantage of its review system to continue spreading malware or phishing schemes.

"We've observed that a small number of websites will cease harming users for long enough to have the warnings removed, and will then revert to harmful activity," said Brooke Heinichen, a member of Google's Safe Browsing Team.

Google defines repeat offenders as "sites that repeatedly switch between compliant and noncompliant behavior within a short window of time".

Heinichen stressed it will not brand hacked sites as repeat offenders, though these present their own problems as Google highlighted in a study of 760,000 sites caught by Safe Browsing.

"Only sites that purposefully post harmful content will be subject to the policy," Heinichen said.

Google will tell repeat offenders of their status in an email to their registered Search Console email address.

"Once Safe Browsing has designated a site as a Repeat Offender, the webmaster will be unable to request additional reviews via the Search Console. Repeat Offender status persists for 30 days, after which the webmaster will be able to request a review," the policy reads.

Read more about Google Safe Browsing

Editorial standards