Google notifying users about malware infections

Updated Wednesday, July 20, 2011 at 4:41 p.m. EST

Google on Tuesday began notifying some users of its search engine that their computers may be infected with a specific form of malware.

The move was prompted after the company discovered “unusual search traffic” during routine maintenance on one of its data centers, Damian Menscher, security engineer at Google, wrote in a blog post Tuesday.

After collaborating with security engineers from a number of companies partially responsible for sending the suspicious traffic, Google determined that the computers were all infected with a certain strain of malware.

The malware, which latched on to victim computers by way of rogue anti-virus programs, caused infected machines to send traffic to Google through a number of proxy servers.

Google on Tuesday began notifying users whose traffic is coming through those proxies.

The alerts appear as a large yellow box at the top of Google search results stating: "Your computer appears to be infected.” The notification includes a link to a Google Help Center article with instructions for updating AV software and removing the infection.

Users whose machines seem to be infected will be notified after they conduct a search query, a Google spokesman told on Wednesday.

A few million machines have been affected by the malware, Google said. The company has already notified hundreds of thousands of individuals. 

"There's a lot that Google sees as a result of it's unique and prominent position in the internet," wrote noted security expert Bruce Schneier, chief security technology officer of BT. "Some of it is going to be stuff they never considered. And while they use a lot of it to make money, it's good of them to give this one back to the Internet users.

But there is some bad news. Some users and security experts have expressed concern that attackers would soon begin spoofing Google's notification message for more nefarious purposes.

Chris Larsen, senior malware researcher for web security firm Blue Coat Systems, told on Wednesday that attackers will likely mimic Google's notification message and replace the Help Center link with a malicious URL.

In the past, attackers have, for example, spoofed the notification message displayed by Mozilla's Firefox web browser when users access a malicious site, Larsen said.

“We thought about this, too, which is why the notice appears only at the top of our search results page,” Menscher wrote in the Google post. “Falsifying the message on this page would require prior compromise of that computer, so the notice is not a risk to additional users. “

This isn't the first effort by Google to help users deter web threats. The company also displays warning messages for search results that have been hacked or appear to be serving malware. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.