Friday, 7 October 2011

Google Warns Users of Search Bot Infection

 
Google, if you didn't know it already, pays a lot of attention to the traffic on their site. Quite a bit of that traffic is malicious with the intent of manipulating search results. Now Google has a new tool: They will put a warning on your Google page if, based on traffic from your computer, they think your computer is infected.

  
Google's explanation of the process indicates that proxy servers are key to the determination:

Some forms of malicious software will alter your computer settings to redirect some or all of your traffic through a proxy controlled by the attacker. When you use Google, the proxy forwards your query to the real Google servers to fetch the search results. If our system detects that a search came through one of these proxies, we display the warning.
If you click the "Learn how to fix this" link you are directed to a page with various conventional anti-malware advice. One interesting thing on that page is that Google has a list of suggested antivirus products. The headliners on the list are:
They also have a link to a page with a list of bootable anti-virus CDs. It's a pretty good list, though not exhaustive.

As some of the comments on the Google blog indicate, the warning is not unlike fake warnings that have been used for years by malicious pages, and which invariably lead to links to install malware. Google will have to be careful not to fall into a trap in this regard.
 

0 comments:

Post a Comment