Google Adds Phishing URLs to Network Notifications

Google announces that Safe Browsing notifications about compromised websites sent to networks administrators, will start to include information about phishing URLs.

Google Safe Browsing is a service, that aggregates data from various URL blacklists, as well as Google's own malware sensors.

The gathered intelligence is offered for free to consumers, webmasters and network administrators alike.

End-user products can tap into this data feed via an open API (application programming interface). For example, Mozilla Firefox and Google Chrome both check URLs through the service and block access to them if they are listed as malicious.

Webmasters can verify if their websites are affected from their Google Webmaster Tools accounts and since late last month, AS admins can also sign up to receive alerts about bad URLs on their networks.

"Today we’re adding phishing URLs to the notification messages. This means that in addition to being alerted to compromised URLs found on networks, you’ll be alerted to phishing URLs as well," Google announces via its Online Security Blog.

To begin receiving such notifications, network administrators must first register their AS number with Google at http://safebrowsingalerts.googlelabs.com.

In addition, they can opt to get the alerts in XML format instead of plaint text emails, so they can more easily be processed by special programs.

"Click on an AS in your list to modify preferences, such as enabling the XML notification feature. If you decide to use XML email messages, you should familiarize yourself with the XML Schema," notes Nav Jagpal, a member of the Google security team.

The fact that Google is making it easier for admins to identify problems on their networks is good news for the entire security community.

Security researchers waste a significant amount of time trying to locate abuse contact information and put together reports to get malicious websites or botnet C&C servers shut down.

Anything that can take some of that load off is welcomed and means they can invest more time into actual research than writing emails or making phone calls.