Feb 14 2008
Much has been written about the recent ?hijacking? of 404 pages by Google?s IE toolbar, causing a stir. Rather than rely on hearsay, we like to refer to the authoritative source about what Google has officially said about this.
In our research, we have discovered malicious sites returning HTTP 404 codes (indicating that the web site requested could not be found), and then turning around to serve a page that is filled with maliciousness for display as the error page, sneaky as that may sound. That being said, we do like the idea of having Google?s toolbar prevent the casual surfer from accidentally visiting a malware-laden 404 page.
However, Google?s IE toolbar only ?takes over? (we prefer that over ?hijack?) when the 404 page is less than 512 bytes, which somewhat reduces the protection it would have provided because in our experience, malicious 404 error pages are larger than 512 bytes.