Google Warns Web Users of Malware Infections
Google yesterday began warning Internet users that their PCs may be infected by a certain kind of malicious software.
"Your computer appears to be infected," warns the big yellow banner across the top of the Google homepage. It offers a link to a Google support page that shows users how to remove the malware.
"We hope to use the knowledge we've gathered to assist as many people as possible," writes Google security engineer Damian Menscher in a posting on the official Google blog.
About 1 million people will see Google's warning banner. That's the number of PCs that Menscher estimates have been compromised by the sneaky bug.
It redirects the queries through proxy servers, middlemen machines that hijack the communications between the search engines and the end users. The proxy servers alter the search results to include "poisoned" links to compromised or malicious websites .
Poisoned search results often result in even more malware infections. But security blogger Brian Krebs, who spoke with Menscher, said that in this case the links are to "pay-per-click" sites that earn money for the bug's controllers.
The malware was discovered when Google took a server offline and yet it still kept getting thousands of queries every second, according to what Menscher told Krebs.
Menscher and his colleagues were able to identify the proxy servers, and they added a script to the Google homepage to both detect computers whose queries were coming through those servers and to warn the computers' users.
Google's approach isn't foolproof, however. Many commenters on Krebs' blog pointed out that fake AV or "scareware" entices users with similar banner ads warning people that their computers are infected and that security experts advise to NEVER click on such a banner.
The difference between fake AV warning and the Google warning is, of course, that Google's not trying to sell you anything at least, not yet.