Quite a Saturday morning at StopBadware

This morning, it seems that many (all?) Google search results led to a warning page meant to be associated with sites that have malware on them.  We at StopBadware are partners with Google, among others, working hard to fight malicious code together.  Our role, as researchers, is to help set the criteria for what constitutes a site with Badware; we keep a public, online clearinghouse of sites that may harm one’s computer; and we run a review process to get sites off that list when they are clean.  There have been a series of blog posts about this strange, short occurence this morning which include misinformation about what happened on the Google side. 

What happened? Google’s VP Marissa Meyer wrote: “Very simply, human error. Google flags search results with the message ‘This site may harm your computer’ if the site is known to install malicious software in the background or otherwise surreptitiously. We do this to protect our users against visiting sites that could harm their computers. We maintain a list of such sites through both manual and automated methods. We work with a non-profit called StopBadware.org to come up with criteria for maintaining this list, and to provide simple processes for webmasters to remove their site from the list.“We periodically update that list and released one such update to the site this morning. Unfortunately (and here’s the human error), the URL of ‘/’ was mistakenly checked in as a value to the file and ‘/’ expands to all URLs. Fortunately, our on-call site reliability team found the problem quickly and reverted the file. Since we push these updates in a staggered and rolling fashion, the errors began appearing between 6:27 a.m. and 6:40 a.m. and began disappearing between 7:10 and 7:25 a.m., so the duration of the problem for any particular user was approximately 40 minutes.”

Nothing like it has happened in the first three years or so of the StopBadware project’s existence.  A few minutes after this large number of warnings appeared, the StopBadware server crashed under the load of people looking for more information about what had taken place.  Everything seems back to normal now. 

 

Here is the official Google statement about what happened, from which the quote above is pulled.  (Changes from the original post appear in blue in the Google post.)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s