Search
Clear search
Close search
Google apps
Main menu

Malware detection

The term malware, short for "malicious software," refers to any software specifically designed to harm a computer or the software it's running. Malware can steal sensitive information (like credit card numbers or passwords) or even send fake emails from a user's email account, often without the user's knowledge. Malware may include, but is not limited to, viruses, worms, spyware, and Trojan horses.

Containers are automatically scanned for malware. If malware is detected, the affected container will be flagged and tags may be blocked from firing.

To protect the safety and security of our users, Google Tag Manager will stop firing tags pointing to sites where we find malware.

In this article:

How do sites and networks get infected?

In most cases, affected users are unaware that there are tags serving malware from their containers. Usually through no fault of your own, a network provider becomes malware infected when they install 3rd party libraries or templates onto their websites, and subsequently transmit that malware to your site via the custom HTML tag that you published onto your website via Tag Manager. 

Common symptoms of malware on your site can include unwanted URL redirects, pop-up ads, altered search results, the addition of unwanted browser toolbars or side-search bars, and slow computer speeds.

What can I do if my container gets flagged for malware?

If your container has been flagged for malware, a notification email will be sent to the container owners. Google Tag Manager will show an alert that a tag is "malware flagged" if it is live in the published version, and the version history will show the same.

To resolve this issue, go into the problematic container and remove all triggers from any malware-affected tags, and remove those tags from any tag sequencing so that they are completely disabled.

When your repaired container configuration has been republished, it will be re-scanned for malware automatically.

The best way to avoid malware issues is to use the tag templates built into Google Tag Manager. Tag manager supports a wide number of 3rd party tag templates. If a tag you'd like to deploy isn't yet built into Google Tag Manager, consider reaching out to the tag vendor to ask them to apply to join the Google Tag Manager Tag Vendor Program.

What should I do if I run an Ad Network and I’ve been flagged for malware?

Follow the steps below to check your computer for malware, remove all malicious code from your site, and submit your site and ads for review.

  1. Check the status of your site in Google's Search Console site.
    1. Visit google.com/webmasters and sign in.
    2. If you're new to Search Console, enter your website into the field and click Add a site. Note that you might be asked to verify that you own that site.
    3. Look at the status displayed for that site to see what issues were found.
  2. Click the appropriate scenario below to see detailed next steps.
Search Console does find malware on your site...

Here's an overview of the steps you'll need to take:

  1. Quarantine your site
  2. Assess the damage
  3. Clean up your site
  4. Ask Google to review your site

Follow these instructions and we'll walk you through each step. Please make sure that your primary domain, all sub-domains, and all verified site redirects are cleared of malware.

If you're not able to complete some of the technical steps yourself, please contact your web hosting provider or visit stopbadware.org for more information.

Search Console does not find malware on your site...

Even if Search Console does not identify any issues, it's still possible that your site has security issues detected by the our systems. Check with your webmaster or web hosting provider to see if they can identify the problem. You may also want to visit stopbadware.org for more information.

What happens with containers that continue to point to sites containing malware?

Tags containing malware will be disabled and will not run. If a problematic tag is re-enabled, then there is a risk of being locked out of your Google Tag Manager account. Account owners will be notified via email if a lockout occurs.

Does Google have any programs to detect and remove malware?

Although Google doesn't provide programs to remove malware, we do offer Google Safe Browsing for both Chrome and Firefox users. Safe Browsing is a service provided by Google that enables applications to check URLs against Google's constantly updated lists of suspected phishing and malware pages. Additionally, we've listed some well-known external programs below. Google has no connection with these companies and can't comment on their effectiveness, but we recommend always using the latest version of any such programs. Also keep in mind that these programs might not be available in all languages or locations.

If these programs don't resolve the problem, you might want to try an advanced troubleshooting program such as HijackThis.

How can I file a complaint with a government agency about malware?

In the USA, the Federal Trade Commission (FTC) handles complaints about deceptive or unfair business practices, including malware distributed by sites hosted in the U.S. To file a complaint, visit https://www.ftccomplaintassistant.gov/.

To file a complaint outside the U.S., visit http://www.econsumer.gov/, a site representing the consumer protection agencies of 21 countries.

Was this article helpful?
How can we improve it?