Wednesday, July 20, 2011

Google Search Warns "Your computer appears to be infected"

 Google search results have begun warning users that they are potentially victims of a malware infection.

In a rather interesting move by Google the company is now posting a warning atop search results for users it believes have been infect my a particular pieces of malware that is using a small number of intermediary servers called “proxies" to filter traffic to the company's search results page. Google detects the redirected traffic, then shows users the above warning across the top of their results.

"Recently, we found some unusual search traffic while performing routine maintenance on one of our data centers. After collaborating with security engineers at several companies that were sending this modified traffic, we determined that the computers exhibiting this behavior were infected with a particular strain of malicious software, or “malware.” As a result of this discovery, today some people will see a prominent notification at the top of their Google web search results," the company said in a blog post Tuesday.

"This particular malware causes infected computers to send traffic to Google through a small number of intermediary servers called “proxies.” We hope that by taking steps to notify users whose traffic is coming through these proxies, we can help them update their antivirus software and remove the infections."

These warnings may take some users by surprise and rightfully so. They look ominously like those you see with scareware, with the exception that this is not a pop-up. It is shown directly on the search results page.

Your computer appears to be infected

If you see the note Google has some suggestions as things to try. I agree with most the steps but the first suggestion of "searching" for an antivirus product. If your computer is already infected and being redirected you DO NOT want to trust search results. You want to go directly to reputable sites to get your antivirus/anti-malware products.

How do I fix my computer?
1. Install or update your antivirus software. Antivirus software can detect and remove malware from your computer. While we don't make or support antivirus software ourselves, here are some tips:
  • If you don't have any antivirus software, you can either search Google for "antivirus" or try one of our suggested antivirus products. If you prefer to find your own, be wary of fake antivirus software that may actually be malicious; common examples that you should not install include "My Security Shield," "Security Master AV," and "CleanUp Antivirus." Before choosing to install any software, look online for reviews or forum posts to make sure that the software is not a malicious program.
  • Even if you already use antivirus software, it's possible that your existing version cannot catch all potential issues. We recommend that you update this software to make sure that you're using the most recent version.
2. Perform a system scan using your up-to-date antivirus or anti-spyware software. If any issues are found, use the software to fix the problem. When the problem is solved, your antivirus scans should not find any issues and you should not see the warning on Google again.

If you continue to see the malware warning, it's possible that your antivirus software didn't clean the entire infection, and you will need to fix it yourself. See the technical instructions for Windows users

3. Help Google learn about new forms of malware. You can provide feedback about what you found while scanning your computer. Please also use that link if you have any feedback or would like to tell us anything about this experience.

If everyone in your organization sees this warning but you're certain that your computers are not infected, please talk to your network administrator. Your organization's proxy may be infected, causing all users to see the warning.

Why does Google think my computer is infected?

Some forms of malicious software will alter your computer settings to redirect some or all of your traffic through a proxy controlled by the attacker. When you use Google, the proxy forwards your query to the real Google servers to fetch the search results. If our system detects that a search came through one of these proxies, we display the warning.

You may have been tricked into downloading this software when visiting a site or reading an email. For more tips on how to stay safe online, see our security advice.

No comments:

Post a Comment

All comments will be moderate for content, please be patient as your comment will appear as soon as it has been reviewed.

Thank you