sumanidesign

Google, Malware, exe download files, web battle

“Google has received and processed your malware review request. Unfortunately, (website) appears to be still infected with malware that can harm visitors. Google will continue to display a warning whenever a user clicks a link to your site from our search results.”

A site I maintain has downloadable software exe files. In Google Webmaster Tools, under “site messages,” there was a warning that the site is infected with malware. You don’t want a valued customer thinking there might be malware in your software files! The sample URLs Webmaster Tools provided led to downloadable exe files that were no longer on our site, but still on the server. I was surprised the files were found because they are in a support center, behind a login and blocked through a robots.txt file (“Disallow: /files/supportcenter/downloads/”).

I submitted a support ticket to have the site reviewed and told them the malware had been removed. I read that if Google reviews your site and the file is removed, they will de-flag your site. Google removed the flag (caution warning) but said the site was STILL infected. I zipped all of the software exe files, turned downloadable RTF files to PDFs and removed all of the old exe files from the server. This is an old website, so there were a lot of old files still on the server.

Some devs said that even turning files to .txt files didn’t validate their site and that the only way to bypass this issue is to make sure you have an SSL certificate, that it’s been crawled, and that you need to change exe files into a .rar format. I verified we have an SSL certificate. I will try turning the files to .rar next, and I notified our web provider of the issue.
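An added example (not from the original post): a sketch of the cleanup check described above, listing every Windows executable still sitting under a web root, including copies renamed to another extension, with its SHA-256 and whether robots.txt disallows its path. A Disallow rule only asks crawlers not to fetch a path; it does not remove the file or restrict access to it. The document root is a constructed temporary tree, and `leftover_executables`, `build_sample_docroot` and `example.invalid` are hypothetical names.

```python
import hashlib
import os
import tempfile
from urllib.robotparser import RobotFileParser

EXECUTABLE_MAGIC = b"MZ"  # first two bytes of a Windows EXE/PE file

def leftover_executables(docroot, robots_txt, base_url="https://example.invalid"):
    """Return sorted (url_path, sha256, disallowed_by_robots) for each EXE under docroot."""
    robots = RobotFileParser()
    robots.parse(robots_txt.splitlines())
    findings = []
    for folder, _dirs, names in os.walk(docroot):
        for name in names:
            full = os.path.join(folder, name)
            with open(full, "rb") as handle:
                data = handle.read()
            if not data.startswith(EXECUTABLE_MAGIC):
                continue  # judged by content, so a renamed .txt copy is still caught
            url_path = "/" + os.path.relpath(full, docroot).replace(os.sep, "/")
            disallowed = not robots.can_fetch("*", base_url + url_path)
            findings.append((url_path, hashlib.sha256(data).hexdigest(), disallowed))
    return sorted(findings)

def build_sample_docroot():
    """Constructed sample tree: a forgotten installer, a renamed copy, a stray EXE, a PDF."""
    root = tempfile.mkdtemp()
    downloads = os.path.join(root, "files", "supportcenter", "downloads")
    os.makedirs(downloads)
    samples = {
        os.path.join(downloads, "old_setup.exe"): b"MZ\x90\x00constructed-sample",
        os.path.join(downloads, "old_setup.txt"): b"MZ\x90\x00constructed-sample",
        os.path.join(root, "legacy_tool.exe"): b"MZ\x90\x00another-constructed-sample",
        os.path.join(root, "manual.pdf"): b"%PDF-1.4 constructed-sample",
    }
    for path, content in samples.items():
        with open(path, "wb") as handle:
            handle.write(content)
    return root

# The Disallow rule quoted in the post.
ROBOTS_TXT = "User-agent: *\nDisallow: /files/supportcenter/downloads/\n"

if __name__ == "__main__":
    for url_path, digest, disallowed in leftover_executables(build_sample_docroot(), ROBOTS_TXT):
        note = "robots.txt Disallow, file still on disk" if disallowed else "crawlable"
        print(f"{url_path}  sha256={digest[:16]}...  ({note})")
```

The SHA-256 values give a fixed identifier for each file when comparing the server copy against a known-good build or reporting it to the hosting provider.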

I joined a dev forum and found that Chrome reports downloads as appearing malicious. Theory of how Chrome validates downloads:

1. Is the host site known and trusted? (i.e. large established sites are OK)
2. Can the identity of the host site be verified? (i.e. via SSL certificate)
3. Can the identity of the file’s publisher be verified? (i.e. via code signing certificate)
4. Is the file known and trusted? (I had a file up for a while that was unsigned and accessed without SSL – Chrome was fine with it until I changed the binary after the security update… I’m assuming it takes some time to reach this status.)

I ran the site through a Google malware checker tool. It states everything is clean but…YIKES

“This site is not currently listed as suspicious. Part of this site was listed for suspicious activity 27 time(s) over the past 90 days.

Of the 289 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2014-11-14, and the last time suspicious content was found on this site was on 2014-11-12.”

This entry was published on November 15, 2014 at 3:49 am. It’s filed under marketing.
