News

Google malware warning system alerts users about infections

Hillary O’Rourke, Contributor

Google is instituting a new malware warning system to alert users that their computer may be infected with malware.  

Requires Free Membership to View

We hope that by taking steps to notify users ... we can help them update their antivirus software and remove the infections

Damien Menscher, Google security engineer.

The new feature was implemented after Google detected an issue on its servers related to multiple malware infections.The new Google malware system displays a message to users at the top of the Google search results page when it detects possible issue.

The search engine giant decided to take action after discovering unusual search traffic while performing routine maintenance on one of their data centers, according to Damien Menscher, a Google security engineer.

“This particular malware causes infected computers to send traffic to Google through a small number of intermediary servers called ‘proxies,’” Menscher wrote in a blog post announcing the new Google malware warning feature.

The malware only affects computers running Microsoft Windows. When detected by Google’s system, it is likely that the computer is, or was previously, infected with the malicious software, Menscher wrote.

Some malware may alter the victim’s computer settings, redirect some traffic to a malicious server controlled by the attacker and can taint search results, according to Menscher. Tainted search results can lead people to malicious webpages and trick users into downloading rogue antivirus software.

The move is reportedly the first time Google is taking proactive measures to detect and warn users about malware infections. Microsoft is advocating a plan to get ISPs to be more proactive in scanning and alerting users to infections.

Trustworthy Computing Vice President  Scott Charney advocated for more proactive measures at his RSA Conference keynote in March. In his keynote he said ISPs should use more aggressive network access control measures for inspecting and cleaning computers before allowing them onto the Internet.

Google will not block infected users from accessing its search function. The company will provide recommendations to users for scanning systems for malware, how to remove infections, and information about why the victim may have been infected in a Google Help Center document.

 “We hope that by taking steps to notify users whose traffic is coming through these proxies, we can help them update their antivirus software and remove the infections,” Menscher wrote.