If you know me, you know that I love Chili’s buffalo chicken salads. I was in the middle of installing two brand new terabyte hard drives
I didn’t know the number, so I searched Google for “chilis”, but was shocked when I saw that Google was flagging Chili’s official website, chilis.com, with the warning “this site may harm your computer”.
I was intrigued by the idea that Chili’s now had IT staff dedicated to writing malware, but considering the effectiveness of Chili’s product placement in Austin Powers (2): The Spy Who Shagged Me, I had to find out more.
Clicking the search result link that would normally take me to chilis.com took me instead to a page that didn’t provide any additional information that would be useful to determine what the threat to my computer actually was.
Since Firefox’s web forgery detection checks Google as a reference, Firefox presents its own frightening warning.
But fearlessly clicking through to the Chili’s website, it seemed to function flawlessly. NoScript indicated there was nothing out of the ordinary, although Chili’s does use ATDMT.com, part of Microsoft’s online advertising unit, which is comparable to other online advertising analytics and data mining offerings out there.
Chili’s website provided me the information I was looking for without any apparent negative effect (and the salad was great). It is not clear to me what threat Google observed, assuming there was a threat there. Alternately, the malicious content could have been removed. But of course, Google could just be wrong, and I get the feeling based on this experience that it is. Since I usually just stick to a few trusted sites, I don’t often encounter these types of warnings. In fact, while I knew it was a feature in Firefox, I don’t recall ever actually seeing it in action before.
Taking a closer look at the Google Safe Browsing diagnostic page, the only thing I noticed that made chilis.com different from other sites was this text:
What is the current listing status for www.chilis.com?
Site is listed as suspicious – visiting this web site may harm your computer.
Also:
How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
This message could not be much more vague. I actually could not find another site that was flagged as possibly harmful, even when I searched for crapware like “registry optimizers” (apparently an active online Google ad market judging by the search results) and various “keys” and “cracks”. Not even Astalavista.box.sk was flagged as a malware site — frankly, I wonder if that isn’t a malware site, what is. It’s interesting that the Google search results mention “this site may harm your computer”, but the top-level Google ad result, which points to precisely the same URL, doesn’t, as if clicking the ad won’t harm my computer.
Interestingly, Google is so sure I am looking for Chili’s Restaurant, it presents related searches for ‘chilis menu’ and ‘chilis restaurant’ as well as a prompt for my ZIP code, displayed above the search results for the “chilis”, which of course could have been a search for chili con carne. The Chilis.com official home page is still the number one search result for “chilis”, despite that Google has flagged it as a badware site.
So to summarize:
- Chili’s is paying Google for an ad campaign for a keyword where they already are the number 1 result, which is probably costing Chili’s a substantial amount in ad costs despite the redundancy
- Google then tops the #1 result with a suggestion to search for a local Chili’s using their Maps service
- Google usurps the #1 result claiming Chili’s home page is a malware site with no valid explanation as to why.
Quite the fustercluck.
Google really dropped the ball here. If I were Chili’s, I would expect some serious advertising credit after this. Google really needs to step up the accuracy of the malware detection algorithm considering this obvious example of both false positive and false negative results.
Chili’s should also re-examine the value of advertising in search results for “chilis” when they would already be the top result. But to give credit where it’s due, whoever developed the content and back-end for chilis.com did a decent job making their site accessible. Despite clicking through multiple warnings, the store locator and the menu worked fine even with NoScript disabling all JavaScript, with the Firefox suspected attack site protection in effect as well.
The only thing I could find potentially harmful about Chili’s was the nutrition facts for the Awesome Blossom (don’t forget the Awesome Blossom sauce, too), but somehow I doubt the amount of fat in a battered and fried onion of colossal size is what triggered the Google Safe Browsing warning. Considering the potential damage this could have to the Chili’s brand, someone needs to give a better explanation as to what the threat Google identified was and furthermore, how this can be prevented.
UPDATE:
Google has provided more information on the malware it detected. Since there was no Google page cached with the alleged malware, it’s tough to determine what happened. Was the Chili’s website hacked over the weekend? The Chili’s web site did not include references to scripts on any of these sites (that I could find).
Will continue to update as the story develops.
1 response so far ↓
1 m // Jul 30, 2008 at 9:29 pm
Cross site scripting is the answer.. if I was bored I could redirect your order to my server and rip your card then send it to Chili’s.. Theoretically. You would still get your salad.
http://en.wikipedia.org/wiki/Cross-site_scripting
EDITOR’S REPLY: That’s a sensible theory, except that you can’t actually order online at Chili’s website, you have to actually call your local Chili’s to order, and you pay at the restaurant when you pick it up. It looks like their website just got hacked the old fashion way (exploiting some off-the-shelf software Chili’s was using to host their page), and some Russian spammers were able to inject a drive-by download into the source.
Leave a Comment