Human error caused a search results glitch that returned the message “this site may harm your computer” for about an hour Saturday on Google's Web site, the company said. The mistake was Google's, not StopBadware.org's, as was originally thought.
Google said it released an update Saturday morning to its list of URLs known to install malicious software and “unfortunately (and here's the human error), the URL of '/' was mistakenly checked as a value to the file and '/' expands to all URLs,” Google Vice President of Search Products & User Experience Marissa Mayer wrote in an official Google blog post explaining the glitch. “Fortunately, our on-call site reliability team found the problem quickly and reverted the file.”
Mayer's original blog posting about the incident made it sound like StopBadware.org was responsible for the error. StopBadware.org is a nonprofit organization that Google and other IT companies and academic institutions use to warn Internet users about sites known to install malware on computers that visit those sites. Mayer later posted an update clarifying that the problem was on Google's end.
Mayer initially wrote that Google periodically receives updates to the URL list and had received such an update Saturday morning. Her revised blog post said instead that “we periodically update that list and released one such update to the site this morning,” and then spelled out the '/' mistake.
After the first Google explanation went out publicly — and was circulated to reporters — StopBadware explained its side of the story on its own blog: “Google generates its own list of badware URLs, and no data that we generate is supposed to affect the warnings in Google's search listings.”
Users who clicked on Google results during the glitch got an “interstitial” warning page saying that there could be malicious software at the site they were trying to reach and referring them to StopBadware.org for more information, the organization's blog said. “This led to a denial of service of our website, as millions of Google users attempted to visit our site for more information,” it said.
StopBadware operates as a partnership among academic institutions, IT companies and volunteers. It is operated out of Harvard Law School's Berkman Center for Internet & Society. Its site was back up and running Saturday, if slowly at times, given how many people were trying to obtain information from the organization.
In both the initial post and the update, Mayer apologized in her post to anyone who was inconvenienced by the glitch and to site owners whose pages were incorrectly labeled as being malicious. “We will carefully investigate this incident and put more robust file checks in place to prevent it from happening again,” she wrote.may be harmful to your computer.”
Some news reports earlier in the day said that Google had also stopped flagging known bad sites, but according to StopBadware that wasn't the case and Google was correctly flagging those sites as malicious.