Protecting users from malware hosted on bulk subdomain services

Friday, June 17, 2011 8:19 AM



Over the past few months, Google’s systems have detected a number of bulk subdomain providers becoming targets of abuse by malware distributors. Bulk subdomain providers register a domain name, like example.com, and then sell subdomains of this domain name, like subdomain.example.com. Subdomains are often registered by the thousands at one time and are used to distribute malware and fake anti-virus products on the web. In some cases our malware scanners have found more than 50,000 malware domains from a single bulk provider.

Google’s automated malware scanning systems detect sites that distribute malware. To help protect users we recently modified those systems to identify bulk subdomain services which are being abused. In some severe cases our systems may now flag the whole bulk domain.

We offer many services to webmasters to help them fight abuse, such as:
If you are the owner of a website that is hosted in a bulk subdomain service, please consider contacting your bulk subdomain provider if Google SafeBrowsing shows a warning for your site. The top-level bulk subdomain may be a target of abuse. Bulk subdomain service providers may use Google’s tools to help identify and disable abusive subdomains and accounts.
The comments you read here belong only to the person who posted them. We do, however, reserve the right to remove off-topic comments.

23 comments:

Tobi said...

Finally! This was overdue. :)

Yuswardy said...

It is very disappointing knowing this. Just learning to blog. My site got indexed takes me more than a month (because i have no idea how that day), but losing it in just a day.
Register in co.cc and using google webmaster tool to check everything including malware. So I believe my site is good.
I don't expect this. So sad to know because of less than 10% using it the bad way, all 90% has to feel the punishment as well. :(

K3LVIN MITNICK said...

Uhm...That's the answer why my site k3lvinmitnick.co.cc can not show Adsense ... Please Add .co.cc again. All my money come from above domain, if .co.cc can not show Adsense, I'll be a farmer ?! And another member who used .co.cc domain do not agree that !

Marshall said...

Might I suggested purchasing a TOP-LEVEL domain name? They're so cheap now, there's no reason not to. Even Google offers limited domain services via GoDaddy, perhaps it's time to get established.

BullSh said...

This is total monopoloy. Instead of banning the sites that have the malware runnning, google bans everybody. I just goes to show when one gets too powerfull they think they can play god!, It would be easy enuff to ban just the sites with malware then the entire domains. my 2c

Felonius Monk said...

Thank you!

kurnia lim said...

@Marshall internetbs.net is cheaper and include free privacy.

hehe above me seems have lot of co.cc
It's simple. Google have it's search engine, they can do whatever they like, even banned all website, if you don't like, don't submit url to google and don't optimize for google, optimize for others :)
Monopoly if in this world there's only 1 search engine : google only, no other can have search engine, that's monopoly, and this is not.
BTW I so so agree with google decision, and better roll out panda often :)

Claudio Minetti said...

My site, claudiominetti.co.cc was even banned, this site is totally personal, i do not see any reason for Google to ban all site with this domains.
This is totally insane.

foxwolfblood said...

I'm a Google apps, adsense, analytics and webmaster tools user. I just don't have enough money to pay for the domain name that links to my blog, the spammers and malware authors deserved losing their search results, and i applaud Google for taking those out, but those of us using it for valid reasons now have to dish out money we just don't have.

Drew Crecente said...

Those of you complaining are complaining to the wrong people! You need to direct your complaints to the people responsible for the malware / spamware / scamware / etc.

And if you've paid any money you need to direct your complaints at co.cc - they're the ones who have profited from abuse.

Nick said...

I have a legitimate site via CO.CC. If only 50,000 of 11 MILLION sites have malware, then ban the 50,000 not the legit sites!

olivier-mehani said...

Though I can see some value in this move, I can't help but feel uneasy at how strong a censorship power Google has. They could have just added very bold warnings and additional warning screens before leading to the co.cc subdomains, and let people take their responsibility.

I wish they gave some credit to their users, and let them decide for themselves, given the information Google can provide;and I'm sure they have convincing data, they wouldn't have blocked the entire domain otherwise. Sure, some people wouldn't make the right decision. But hopefully, they would learn from their mistakes. The very mistakes they are not given the opportunity to make--and thus learn from---in the current situation.

Google as an extension of the nanny states? Unfortunately so...

Madubi Enterprises said...

From what i gather, Google engineers have taken the lazy way out of a malware problem. This is also a small attack on the free internet.

Jason W. Thompson said...

With .com sites at only $10/year, I'm not sure how someone could loose their entire earnings because the .co.cc subdomain is blocked. I know I couldn't live on less that $10/year. Perhaps think of buying a domain as part of the cost of doing business.

Judy said...

Nice going, Google. You just blocked my university course website from your search results. Sure, I could pay $10 a year to register some other domain that you might also decide later to block, but why bother because (a) if you can, you probably will at some point, and (b) I don't get reimbursed for this.

Activclient said...

This is unfortunate, but there is not much people can do. The problem was solved and will probably just take another form, but it is easy to register a new domain - Guess you just have to play by their rules these days.

Derek Jones said...

Given the fact that my blog was once hosted on a .co.cc domain and the problems I had with Facebook because of it back in February, it was very wise to have moved my blog to the new purchased domain. Don't blame Google for this, blame those who caused it.

activclient said...

The fact of the matter is that it is much easier when the domain is owned by the user. I found a great tool with activclient I am sure there are other great tools, but this one has helped me out lately.

Snat said...

Personally I think this is more of a band aid solution then an actual solution.

Didn't they do this to afraid.org at one point ?

dhruvil shah said...

this is no good. i know a lot of good website with co.cc
you can ban the site with malware but do not punish all the website.
this is unfair .
i do not own the google so can't really do anything .
but google has been changed a lot in few months . sometime result are not proper . errors, stupid change in color. +1 and than this !. if this happen for next few months i think people will start using bing and yahoo. Thanks sorry for poor english .

Tahir Jamil said...

It is really harsh measures by Google to ban or delist all co.cc websites without any descrimination. My five sites were running for many years. I am genuine personal writer but Google is a boss who does everything according to their sole discretion. Is there any pressure on Google from .com or commercial domain hosting sellers? At least Google should officially tell reasons to publishers. It is our freedom of expression right to question decisions.

Edie Sylva said...

50,000 sites are just wrong on 11 million domains. Is very conservative atitide of google delete all of your sites indexing. Other DNS services often have content sites with spam, malwere are malicious and no is deleted from the search engine. Maybe a boycott of other companies that sell domain names and are seeing that people already are setting up co.cc domain much more than their DNS. Harming the webmaster and the website publishers who use co.cc is arbitrary and conservative.

Secretaría Nacional de la Pastoral Afrocolombiana said...

I've a solution. It implies a lot of work for people like me, who can't automate tasks. My proposal, to all of us, is to use Blogger for showing our entire sitemap with titles. I use co.cc for my site and Blogger for my blog. Google index cepac.co.cc (our site) ONLY if a post in Blogger inmention it. So, there's the solution: put all and every link to each and everyone of our pages in a Blogger post, or more. And see what happen... Will Google close 11 million of Blogger accounts? Many people do bad things with Blogger and (I guess) their not thinking in closing it...