Feeds

Google sends warnings to machines with infected search

Alerts are genuine - until scareware scum get on board

Internet Security Threat Report 2014

Google is issuing warnings to people whose computers are infected with a type of malware that manipulates search requests.

A strain of rogue anti-virus software also includes a search hijacker component. The hijacker is designed to further enrich scammers by redirecting users of compromised machines through various dodgy pay-per-click affiliate sites instead of genuine search engines.

Instead of going straight to Google, surfers on compromised machines are sent via proxies. The traffic generated from malware-infected machines has an unique signature that has allowed Google to return warnings to victims using these machines.

The malware is programmed to ping a specific Google internet address from compromised machines. Google came across this when it took a server associated with this address offline during routine maintenance.

Legitimate search traffic was redirected, but the IP address still received thousands of requests per second, tipping Google off that something was amiss. Google security engineer Damian Menscher investigated the odd behaviour and discovered that it had been caused by a network of more than a million malware-infected machines, security blogger Brian Krebs reports.

Google is using the information it obtained to provide prominent warnings to potentially infected surfers that their PCs "appears to be infected", as illustrated by a blog entry here.

The warnings are something of a departure for Google, and may well help alert infected users that their machines are infected with a nasty cocktail of scareware and web-redirection malware. Unfortunately, it is probably only a matter of time before scareware scammers use fake templates from this new type of warning in attempts to peddle fake anti-virus software. Surfers are best advised to only purchase security software from recognised outlets and, in particular, to be suspicious of any warning that points you towards one particular product.

If in doubt, consumers ought to use a freebie scanner from the likes of Avast, AVG or Microsoft itself, at least as a first point of call. ®

Remote control for virtualized desktops

More from The Register

next story
UK smart meters arrive in 2020. Hackers have ALREADY found a flaw
Energy summit bods warned of free energy bonanza
DRUPAL-OPCALYPSE! Devs say best assume your CMS is owned
SQLi hole was hit hard, fast, and before most admins knew it needed patching
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Mozilla releases geolocating WiFi sniffer for Android
As if the civilians who never change access point passwords will ever opt out of this one
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
Internet Security Threat Report 2014
An overview and analysis of the year in global threat activity: identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.