Any link returned by search results has been flagged as being harmful

Feb 2, 2009 09:02 GMT

Every Google search result was accompanied by a "This site may harm your computer" warning on Saturday. The incident was the result of a human error that caused '/' to be processed in the list of malicious URLs maintained by the search giant.

For a long time now, Google has maintained a list of Web sites that might be harmful to users, either because they attempt to exploit computers and install malware or because they distribute malicious applications. The purpose is to protect users and ensure a safer browsing experience, company representatives claim.

The company works with a non-profit outfit called StopBadware to determine the criteria used to tag such links, as well as to develop documentation for webmasters on how to avoid having their websites flagged as malicious. The list is updated regularly, as was the case last Saturday.

For around 40 minutes, webmasters and users alike were baffled to see that Google considered all sites across the Web harmful. Since the warning link referred everyone to StopBadware for instructions, the volunteer organization was effectively knocked off the Internet, because its servers could not process the sudden millions of requests.

"This led to a denial of service of our website, as millions of Google users attempted to visit our site for more information. We are working now to bring the site back up," Maxim Weinstein, leader of the StopBadware team, operating out of Harvard's Berkman Center for Internet & Society, wrote at the time. "We are also awaiting word from Google about what happened to cause the false warnings," he added.

Google responded through Marissa Mayer, vice president of Search Products & User Experience, who, after initially suggesting that StopBadware was the origin of the glitch, finally accepted responsibility on behalf of the company's staff. "Unfortunately (and here's the human error), the URL of '/' was mistakenly checked in as a value to the file and '/' expands to all URLs," she explained.

Ms. Mayer also noted that the problem was mitigated rather quickly, lasting for about 40 minutes. "Since we push these updates in a staggered and rolling fashion, the errors began appearing between 6:27 a.m. and 6:40 a.m., and began disappearing between 7:10 and 7:25 a.m. [time is PST]," she wrote on the official Google blog. "We will carefully investigate this incident and put more robust file checks in place to prevent it from happening again," she pointed out.
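The failure mode Mayer describes, and the kind of pre-push file check that would catch it, shown as an added example that is not Google's code. The substring matching model, the canary URLs and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed canary set: known-good URLs that no blocklist entry may match.
CANARIES = [
    "http://www.example.com/",
    "http://www.example.org/index.html",
    "https://docs.example.net/guide/start?page=1",
]


def matches(pattern: str, url: str) -> bool:
    """Assumed matching model: an entry flags any URL that contains it."""
    return pattern in url


def validate_entry(pattern: str) -> list[str]:
    """Return the reasons an entry must be rejected (empty list = accepted)."""
    entry = pattern.strip()
    if not entry:
        # Under substring matching an empty entry would also match everything.
        return ["empty entry"]
    reasons = []
    # Structural check: an entry must name a host, not only a path or scheme.
    parts = urlsplit(entry if "://" in entry else "//" + entry)
    if "." not in (parts.hostname or ""):
        reasons.append("no host name in entry")
    # Behavioural check: catches broad entries the structural check lets through.
    hits = [u for u in CANARIES if matches(entry, u)]
    if hits:
        reasons.append(f"matches {len(hits)} of {len(CANARIES)} canary URLs")
    return reasons


def validate_file(lines: list[str]) -> dict[str, list[str]]:
    """Map each rejected entry to its reasons; an empty dict means safe to push."""
    rejected = {}
    for line in lines:
        if line.strip().startswith("#"):
            continue  # comment line
        reasons = validate_entry(line)
        if reasons:
            rejected[line] = reasons
    return rejected
```

Running the behavioural check against a canary set before each staggered push stage turns an over-broad entry into a blocked deployment instead of a production incident.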

Though annoying for regular users and webmasters alike, this incident might have had a favorable effect from a security perspective. As Graham Cluley, senior technology consultant at Sophos, points out, it is safe to assume that many users rushed to scan their computers when they saw that sites they regularly visited were suddenly being flagged as harmful. "Chances are that some of those users checking their computers for malware will actually have found something they didn’t know was present, and cleaned themselves up," the security researcher emphasizes.