As we all know Google detects malware on websites and if found it will add a warning to that site in its search results. It will also add it to a blacklist that Chrome (and other browsers?) use, so if anyone tries to visit the infected site then they'll get a warning.

One of the websites that is operated by the company I work for acts as a directory site, and links to thousands of other sites. The other day we received a message from Google advising that our site was being blacklisted because one of the sites that we linked to was hosting malware. This resulted in anyone visiting our site in Chrome (and maybe other browsers that subscribe to Google's blacklist) receiving a warning, making people think that our site was infected!

We fixed the problem by removing the link to the offending site and validating with Google, which was enough for Google to remove our site from their blacklist.

But the problem remains, what if this happens again in the future? If any site that we link to gets infected then it can impact on our site, which isn't good.

Can anyone confirm for me that this is indeed how Google works? That it blacklists sites that link to infected sites?

I find it hard to believe that this is how it works, as if it is correct then many sites are in danger of being blacklisted. I mean, if I post a public comment on Facebook that links to an infected site then is Google going to blacklist Facebook? If I post a link to an infected site on Geekzone then will Geekzone be blacklisted? This would make it very easy for people to harm the reputation of sites.

I did some digging and found another directory site that also links to the infected site that affected us, and Google lists them on its "Safe Browsing Site Status" page for the infected site as linking to the infected site, but for some reason it hasn't blacklisted them.

I've suggested adding rel="nofollow" to our external links, as a way of advising Google that we don't endorse the external sites, but I don't know if this is enough to fix the problem.

Comments from anyone on this issue?