Yahoo displays warnings about malware links

May 7, 2008 – 4:54 AM

Yahoo is to start flagging links to sites that may contain dangerous content. Google has been warning users if a potentially dangerous website is behind the link in the list of hits displayed for some time now. Yahoo is following suit by marking websites that could possibly infect visitors with malicious code in its list of hits.

Yahoo is using McAfee’s SiteAdvisor to identify malicious websites. The Yahoo version, called SearchScan, will display a warning in the list of hits if potentially dangerous websites are found that fall into the categories dangerous downloads, risk of being hacked and unsolicited e-mails – indeed, Yahoo goes so far as to suppress from the hit list sites that are categorised as risk of being hacked.

As with most of the currently available link assessment systems such as McAfee’s SiteAdvisor, Finjan’s SecureBrowsing, and CAE’s LinkAdvisor, users should not automatically assume that links not flagged as malicious are always harmless. The flagging of suspect websites can help reduce the number of people who become infected with a Trojan via security vulnerabilities in their browser or add-ons when browsing the web. Importantly, the basic “red triangle” warning appears by a suspect listing in the Yahoo results whether or not JavaScript is enabled, so secure browsing does not prevent the message getting through. However, the information bubble and further details are only available if JavaScript is enabled.

Source: Heise Security