Google combats malware and phishing

Google has launched a new Safe Browsing API that will unlock Google’s malware and phishing blacklists to developers to help boost their application security.

Google claims the API will prevent users from publishing links to information on phishing sites and match pages against Google’s malware and phishing blacklists. Furthermore, developers will have access to the very blacklists currently used by FireFox and Google Desktop.

“The API is still experimental, but we hope it will be useful to ISPs, web-hosting companies, and anyone building a site or an application that publishes or transmits user-generated links,” wrote Brian Rakowski and Garrett Casto at Anti-Phishing and Anti-Malware Teams on Google’s security blog.

To use the API a developer needs to sign up for a key and insert it into ‘requests to Google’ for the lists of suspected phishing and malware pages, Google’s spokesperson told SC.

The spokesperson added that the API is for active developers who are writing applications and want to check to see if URLs may be hosting phishing pages or malware.

“Phishing and malware are increasingly prevalent problems on the web today. In order to provide a better user experience and to build trust with users, it makes sense for developers to warn users when they encounter potentially dangerous pages,” said the Google spokesperson.

Google is urging developers to provide feedback so it can improve the data and design behind the API, according to Google’s security blog.