Google is taking the unusual step of displaying a message at the top of its search results pages for some users, alerting them to the fact that their computers may be infected with malware. The action is the result of an investigation in which the search giant discovered that some malware-infected PCs were sending their search requests through one of a number of proxies.
The move by Google is an unprecedented one, and may mark the beginning of a shift in the way that the company and others–such as Microsoft, Yahoo and Facebook–that have massive presences on the Web and see enormous amounts of traffic deal with the issue of their users’ security. Many ISPs in Europe and some in the United States have taken to actively warning their customers when they have an infection and some go so far as to prevent the offending machine from accessing the Internet until it’s cleaned.
Google’s move is slightly different, though, as the company is not taking any active measures to stop users from moving around the Web, but is just showing them a warning that calls attention to the fact that their PCs may be infested with malware. The company said that it hit upon the idea after discovering some unusual traffic during a maintenance window on one of its data centers.
“Recently, we found some unusual search traffic while performing routine
maintenance on one of our data centers. After collaborating with
security engineers at several companies that were sending this modified
traffic, we determined that the computers exhibiting this behavior were
infected with a particular strain of malicious software, or “malware.”
As a result of this discovery, today some people will see a prominent
notification at the top of their Google web search results,” the company said in a blog post Tuesday.
“This particular malware causes infected computers to send traffic to
Google through a small number of intermediary servers called “proxies.”
We hope that by taking steps to notify users whose traffic is coming
through these proxies, we can help them update their antivirus software
and remove the infections.”
One thing to note about the Google warning is that it does look somewhat similar to the fake warnings that scareware and rogue antivirus programs show users during their infection attempts. These programs try to scare users into thinking that their PCs are infected with malware so that they will download and install the fake AV application they’re pushing. But instead of getting help with a likely nonexistent security problem, the victim gets a piece of malware and a demand for payment for a license.
Those fake warnings often appear as pop-up dialog boxes on compromised Web sites or alongside search results on pages that have been poisoned by attackers. Google’s warning shows up at the top of a search result page, not on Web site pages themselves or on the sidebar where ads appear.