Tuesday, 8 November 2011

Google senses proxy requests to warn users of malware infestation

Google’s search engine has started warning users that they’ve installed certain malware. “Your computer appears to be infected,” a banner will proclaim across the top of every Google search whenever the malware is detected. Clicking a link in the banner leads to instructions on how to find an appropriate anti-virus program to remove the software.

The malware that Google is detecting routes certain Web requests through proxy servers controlled by the criminals behind the malware. Any search made through one of these proxies will receive the warning message. Use of the proxies is generally transparent to users; typically, the malware modifies the user’s hosts file. The hosts file is used to map domain names to IP addresses, so that domain names can be looked up without having to use a DNS server.
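The hosts-file hijack described above is something a defender can check for directly. The following is an added example, not code from the article or from Google: it parses hosts-file text and flags any entry that maps a watched search domain to an address other than loopback or the unspecified address, which is the pattern a proxy-redirecting infection leaves behind. The watch list, the sample hosts content and the 203.0.113.x / 2001:db8:: addresses are constructed for the example.

```python
import ipaddress
import platform

# Domains a search-hijacking hosts file would typically override.
# This watch list is an assumption for the example, not from the article.
WATCHED_SUFFIXES = ("google.com", "bing.com", "yahoo.com")

# Targets that are legitimately used in hosts files (ad/tracker sinkholes).
BENIGN_TARGETS = {"0.0.0.0", "::"}


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, skipping comments
    and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, *names = parts
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # not a usable address, so not a usable mapping
        for name in names:
            yield ip, name.lower().rstrip(".")


def is_watched(hostname):
    """True if hostname is one of the watched domains or a subdomain of one."""
    return any(hostname == s or hostname.endswith("." + s)
               for s in WATCHED_SUFFIXES)


def find_hijacks(text):
    """Return [(hostname, ip)] for watched domains that are redirected to a
    non-local address. Loopback/unspecified targets are sinkholes, not
    proxy redirects, so they are not reported."""
    hits = []
    for ip, name in parse_hosts(text):
        if not is_watched(name):
            continue
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or ip in BENIGN_TARGETS:
            continue
        hits.append((name, ip))
    return hits


def default_hosts_path():
    """Conventional hosts-file location for the running OS."""
    if platform.system() == "Windows":
        return r"C:\Windows\System32\drivers\etc\hosts"
    return "/etc/hosts"


# Constructed sample hosts content; the 203.0.113.7 entries model a hijack.
SAMPLE_HOSTS = """\
# constructed sample, not a real hosts file
127.0.0.1   localhost
::1         localhost
0.0.0.0     ads.example.test        # ad sinkhole, legitimate
203.0.113.7 www.google.com google.com   # constructed hijack entry
203.0.113.7 www.bing.com
127.0.0.1   tracker.yahoo.com       # local sinkhole, benign
"""

if __name__ == "__main__":
    for name, ip in find_hijacks(SAMPLE_HOSTS):
        print(f"sample: {name} is redirected to {ip}")
    try:
        with open(default_hosts_path(), encoding="utf-8", errors="replace") as fh:
            for name, ip in find_hijacks(fh.read()):
                print(f"{default_hosts_path()}: {name} is redirected to {ip}")
    except OSError as exc:
        print(f"could not read hosts file: {exc}")
```

Running the script prints the three constructed hijack entries from the sample and then checks the machine's own hosts file. Loopback and 0.0.0.0 entries are deliberately ignored so that ordinary ad-blocking hosts files do not produce false positives; anything a watched domain is mapped to beyond that is worth investigating.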

It’s likely that the malware authors will respond to this measure soon enough, however. The malicious proxy servers already rewrite pages to inject ads and block access to anti-virus software; they can just as easily strip Google’s warning message out of the search results.

One potential problem is that, rather than recommend or link to specific anti-virus software, Google refers users simply to a Google search for “antivirus.” Such searches can direct users to the abundant fake anti-virus software that is available on the Web; in attempting to fix the problem, users may just end up making things worse. Specific recommendations or hardcoded links to genuine anti-virus software might risk claims of favoritism, but would probably be safer.

Worse, these warning messages run counter to training and advice that’s often given to Web users. Due to the proliferation of fake anti-virus scams, users are strongly advised to ignore any website that tells them they have a virus and that they should just download a program to fix their computer. To be effective, Google’s new malware detection requires users to ignore this usually sound advice; taken in isolation, Google’s warnings are sensible progress, but the broader implications could yet be negative.
