In association with heise online

20 July 2011, 10:09

Google search: now with malware warnings


Google has activated a scheme which will see users warned if their Windows systems appear to have a particular type of malware. The warning "Your computer appears to be infected" will be displayed at the top of search results when Google detects that the search query has arrived at their systems via a proxy which modifies the search requests.

The problem was found during routine maintenance on one of Google's data centres. Google's Daniel Menscher told security expert Brian Krebs that, when the data centre was taken offline, search traffic would normally be redirected, but in this case traffic continued to come in. This traffic turned out to be regular "pinging" of a specific Google IP address. Further investigation led to the discovery of the malware itself.

The search hijacker malware – distributed as, or downloaded by, fake AV software or "scareware" – modifies the user's browsing so that Google, Yahoo or Bing searches go through proxies. These proxies modify the query and results to redirect users to sites participating in pay-per-click schemes. The modified requests have a unique signature which has allowed Google to generate the new warning.

Google's malware warning screenshot

The warning directs users to a Google help page which gives general instructions on how to remove malware by updating antivirus software. Google's own instructions suggest users search for "antivirus", but warn users not to install fake antivirus software in the process of trying to fix their systems. It is quite possible, though, that users who get the warning from Google that their computer is infected will previously have been taken in by a "Your computer is infected" fake AV web page and will have installed fake AV software. Google does direct users to a general page of suggested software for removing common malware, but does not direct users to any AV software that is known to remove this particular malware.

(djwm)

Permalink: http://h-online.com/-1282451