Google Safe Browsing blocks sites with fake download buttons

Google is making good on its promise to protect users from social engineering attempts. The company is now putting the kibosh on fake download buttons, malware masquerading as system updates, and other similar types of attacks.

Browsers using Google's Safe Browsing API (Chrome, Firefox, and Safari, among others) will show users a big red warning when they visit a site that's been flagged as containing fake download prompts or trying to trick users into installing something. In Google's own words, sites will "qualify" when they:

  • Pretend to act, or look and feel, like a trusted entity — like your own device or browser, or the website itself.
  • Try to trick you into doing something you’d only do for a trusted entity — like sharing a password or calling tech support.

Google goes on to show a couple examples of this type of attack, although most gerbils should be fairly familiar with them. Even some legitimate download websites occasionally resort to using this tactic, likely to get a bigger payout from shady ad networks.

Google's examples of deceptive content

It's safe to say that these "ads" will not be missed by anyone other than the people profiting from them. This won't be the last measure to be put into place in the fight against malware on the web, too—Google says that "the fight against unwanted software is still just beginning."

Comments closed
    • Crackhead Johny
    • 4 years ago

    Purple monkey will make them pay for this! His wrath shall be mighty.

      • LoneWolf15
      • 4 years ago

      Purple monkey dishwasher?

    • way2strong
    • 4 years ago

    [quote<]It's safe to say that these "ads" will not be missed by anyone other than the people profiting from them.[/quote<] Probably true of 95% of all ads.

      • ferdinandh
      • 4 years ago

      95%? I have clicked on 2 ads in my life.(on purpose)

    • Anovoca
    • 4 years ago

    Google Chrome already tried to prevent me from downloading CCleaner off of filehippo once. It gave me an error that the install file was reported to attempt to install unwanted software. Ignoring this I installed it anyways to find the packagecontained an additional install for chrome.

    …..HA

    • jessterman21
    • 4 years ago

    TR admins please help. I’m clicking to update my Media Player and to install FLV HD, but nothing happens! I would really like to Download and Play the video, but it’s broken!

      • morphine
      • 4 years ago

      Hello, tech support here. To enable that feature, we will need remote access to your machine. You should first provide payment to this Bitcoin account and then install this piece of software so we can check into your problem. We’ll bring all your software up to date as a bonus. Act now!

    • mkk
    • 4 years ago

    A look into all the fraudulent adverts they allow on their own YouTube network would also be nice…

      • Crackhead Johny
      • 4 years ago

      There are adverts on Youtube?

    • Mr Bill
    • 4 years ago

    [url=https://www.youtube.com/watch?v=9AFf0ysgNiM<]"It could be worse"[/url<]; might be an improvement. I was just checking 'Cnet/Downloads', 'Sourceforge', and 'Major Geeks' looking for a drive partitioning utility. There were so many download buttons once you clicked "through" by choosing to download that it was very annoying trying to find the legitimate ones.

      • LoneWolf15
      • 4 years ago

      MajorGeeks? Never had a problem with them. The other two? Yes.

      Privacy Badger for Firefox/Chrome turns off so much stuff on CNet that it breaks the site. Which just goes to tell you how bad ZDNet/CNet’s embedding of crap, tracking and who-knows-what is.

    • VincentHanna
    • 4 years ago

    Shoot.

    There goes Cnet/Downloads.com.

      • AdamDZ
      • 4 years ago

      …and SourceForge

        • VincentHanna
        • 4 years ago

        I feel like the people who use Sourceforge were not the same people constantly installing the malware-bundled-as-cat-icon-browser-toolbar that has become the bane of my existence.

        I could be wrong about that, however.

        • Voldenuit
        • 4 years ago

        You mean ScourgeForce

    • guardianl
    • 4 years ago

    I wonder if Google will also block all those “fake” search engine results that are really just ads mostly disguised to look like legitimate search results…

    You know, just to be consistent?

      • VincentHanna
      • 4 years ago

      This.

      No longer will those yellow boxes and clearly labeled ads be confused legitimate search results.

      • cjb110
      • 4 years ago

      problem with those sites is that Google would then open to being called out on abusing monopoly charges, as they are ‘search sites’ in the same market as Google itself.

      I’d bet they’d love to though, but unless the local trade authorities crack down on the deceptive practises that these sites use I bet they’re here to stay.

    • DPete27
    • 4 years ago

    Is this functionality enabled by default?

    • wingless
    • 4 years ago

    Thank’s Google! God forbid you ever have to search for a driver for an older piece of hardware and older OS.

      • morphine
      • 4 years ago

      Last time I checked, you could just click through the alert.

      • derFunkenstein
      • 4 years ago

      You mean that thisisalegitdriversiteipromise.driverspot.co.kr doesn’t actually have drivers?

        • Goofus Maximus
        • 4 years ago

        Yes! They do have drivers! They also have many “helpful” things wrapped around those drivers, with install options that “encourage” you to “make the right choice” to accept their “assistance” in return for their generous help in getting you the driver you could have gotten from the manufacturer’s website, if not Windows Update itself…

    • lmc5b
    • 4 years ago

    Are they really “fake” download buttons? I’m pretty sure they do download something into your system.

      • Goofus Maximus
      • 4 years ago

      Indeed. A more apt term for these would be “Deceptive Download Buttons/Links” I had to clean up another PC from those w**dershare installer wrapper things that made me do basic arithmetic to uninstall the “extra-ware” that buried a now-glacial Firefox with pop-ups all over…

    • brucethemoose
    • 4 years ago

    [url<]http://41.media.tumblr.com/a353323397c0aa0b4cfbc21eead3d48f/tumblr_ns7d7t7F6H1rvcmlco1_1280.jpg[/url<]

    • Welch
    • 4 years ago

    Yesssss! Thank god. Screw all of the sites that used to be legit that allow this kind of crap.

    • Wirko
    • 4 years ago

    Yeah I’ve seen [url=http://www.extremetech.com/wp-content/uploads/2015/09/Popups.jpg<]those[/url<] too. Good thing someone's blocking them.

    • DragonDaddyBear
    • 4 years ago

    Wouldn’t it be easier to block sites that have questionable content distribution?

      • Pitabred
      • 4 years ago

      Not unless you want to open yourself up to liability as a search provider that’s trying to control content. Google’s trying to largely divorce itself from any kind of “grey” legal areas like that. It’s focusing on user experience and indefensible malicious software. A torrent is a different matter than a virus or scam.

        • DragonDaddyBear
        • 4 years ago

        I really wish sarcasm was easier to convey. I had many options to choose from: torrents, ROMS, adult stuff, old games, old drivers, etc..

          • LoneWolf15
          • 4 years ago

          The <s> </s> tags are your friends. Kind of like air quotes.

    • DrDominodog51
    • 4 years ago

    So they’re blocking sourceforge? Good. The asshats who run sourceforge deserve to rot in hell for what they’ve done. And I don’t even wish that to those who made iptable.

      • jensend
      • 4 years ago

      Note that sourceforge (along with slashdot) just got bought out one week ago by people who seem genuinely interested in attempting to fix its ruined reputation.

      They’ve already killed the bundled installers the old owners were inserting into ‘abandoned’ projects, and their plans for the future sound worthwhile too.

        • just brew it!
        • 4 years ago

        Probably too little, too late. A lot of the projects that made the site worthwhile have already abandoned it.

          • jensend
          • 4 years ago

          Yeah, it’s certainly true it’s never again going to be the epicenter of open source it once was, nor will it recapture the position it had before the DevShare fiasco, but at the very least they can keep a ton of older projects from disappearing from the web entirely.

          If they have the resources to clean up and modernize the site a bit, they can probably manage to retain a fair portion of still-active projects; under the previous management, all these projects would probably have followed the stampede away from SF within a relatively short time.

          With a little more site development than that, they could even provide a little worthwhile competition to github, and maybe attract some new projects. Github’s total dominance of late has had some people kinda worried.

      • Deanjo
      • 4 years ago

      Lol, what’s your beef with iptable? Sure it isn’t as nice as pf but it’s a solid second.

        • DrDominodog51
        • 4 years ago

        It is a pain to use and has caused me countless hours of pain to try and do something very simple. Iptables is why I just do firewalls on routers.

          • Deanjo
          • 4 years ago

          [quote<]Iptables is why I just do firewalls on routers.[/quote<] Lol, which usually use iptables.

            • DrDominodog51
            • 4 years ago

            I thought you would say that. I just appreciate the GUI on top of it because it is always easier to use than iptables directly even if it is shitty.

            • Deanjo
            • 4 years ago

            There are gui’s / scripts / web generators for iptables as well that exist as well that you know. You don’t need to do it by hand.

    • adampk17
    • 4 years ago

    Thank you Google.

    • PixelArmy
    • 4 years ago

    How closely they match in style, I thought lockerdome was the example…

    • Peter.Parker
    • 4 years ago

    I think you might need to check the spelling on the title…

      • morphine
      • 4 years ago

      What do you mean? 😉

        • Peter.Parker
        • 4 years ago

        they fixed it now…

          • just brew it!
          • 4 years ago

          “They”? 😉

            • Peter.Parker
            • 4 years ago

            I was referring to the little elves that work inside the computers..

        • Wonders
        • 4 years ago

        Heh heh heh, nice one. #Gaslighting [url<]https://en.wikipedia.org/wiki/Gaslighting[/url<]

      • Meadows
      • 4 years ago

      Nitpicking won’t bring your uncle back.

        • Growler
        • 4 years ago

        With great spelling comes great responsibility.

      • ferdinandh
      • 4 years ago

      It still needs fixing:
      Google is using fake download buttons to block sites 🙂

    • TwistedKestrel
    • 4 years ago

    I imagine this is going to be a bit of a hassle for a while due to the ubiquity of these ads, even on perfectly legitimate websites

      • The Egg
      • 4 years ago

      I’ll gladly accept that short-term mild inconvenience.

      • Pitabred
      • 4 years ago

      From the articles I’ve read, it’s not a “one and done” policy, it’s for sites that habitually do it that way. So the Sourceforges of the world, not just a place that happens to get a dodgy ad once.

      • lmc5b
      • 4 years ago

      I assume the point would be to make legitimate websites stop doing it because of the threat of being blocked and losing traffic. I don’t think they are trying to block a huge part of the internet but more of a way to force websites to “play by the rules”.

Pin It on Pinterest

Share This