As every Internet user knows, Google has its finger in a lot of pies. Yesterday, the company began warning some users of its search engine that their computers appeared to be infected with malware.
In an announcement on the Official Google Blog, Google security engineer Damian Menscher said that the company first noticed some unusual patterns of network traffic during a routine maintenance operation:
Recently, we found some unusual search traffic while performing routine maintenance on one of our data centers. After collaborating with security engineers at several companies that were sending this modified traffic, we determined that the computers exhibiting this behavior were infected with a particular strain of malicious software, or “malware.”
Following the investigation, Google began to display a message at the top of the search results for some users, warning them that their machines appeared to be compromised.
Apparently, this particular variety of malicious software causes requests sent by the infected computer to be routed via a small group of proxy servers, which are controlled by the attackers. If the request is to a search site like Google or Bing, the proxy can then alter the returned search results to direct the user toward specific pay-per-click or malicious sites. Google’s hypothesis is that the malware originally infected the users’ computers via a fake anti-virus program.
Because of the huge volume and diversity of Internet traffic that Google sees, it is in an excellent position to detect this kind of thing; I think the company is to be commended for taking the trouble to notify users.
In addition to the announcement, Google has a Help Center article with advice on cleaning up an infected PC. Brian Krebs also has an article on this development at his Krebs on Security blog.