Google Issues Malware Warnings

Google has launched a new service designed to warn users that they are infected with a particular type of Windows malware. However, the move has raised concerns that it could make things easier for scammers.

Web Pages Redirected Using Malicious Proxy Server

The service is actually integrated with Google's search results page, and the warning message will only display when a computer appears to be infected. (Source: thetechherald.com)

The Google strategy involves a specific form of malicious software that affects Windows computers. When users attempt to visit a webpage, their visit is routed through a proxy server controlled by the malware operators. Proxy servers are often used for legitimate services, such as anonymizing Internet connections, and act as a "man in the middle" for serving information.

The malware uses a proxy connection to redirect traffic through to malware servers, making it easier to trick users into handing over personal details. For example, when a user tries to visit their online bank, the malware could reroute them to a bogus site that looks to be the genuine site. (Source: computerworld.com)

Hundreds of Thousands of Users Warned

Whenever a user arrives at a site, whether genuine or counterfeit, the site operators can see the route the Internet traffic took. In Google's case, this means the company is able to immediately tell when a user has been routed through the proxy server, which in turn reveals whether the computer has the infection.

In response to this, Google is now displaying a warning message at the top of its search results page whenever it detects an infected machine. The warning only appears once a user carries out a search.

Since launching the program, Google says it has warned "hundreds of thousands" of users; it estimates two million machines are infected. Those figures show how effective the notification method is, simply because of how many people carry out Google searches regularly.

Scareware Scams May Receive Unintended Credibility

There have been concerns from some security analysts that Google's search warning could unintentionally give credibility to online scumbags operating scareware scams.

In this case, an PC infected with scareware routinely displays bogus warning messages claiming a machine has viruses (when it in fact does not), then attempts to persuade the user to buy fake security software. Not only is the security software usually worthless, making the sale a scam, but it allows the operators to get hold of credit card details.

Google argues the similarity between its search warnings and scareware scams shouldn't be a problem.

"We thought about [the scareware scams], too, which is why the notice appears only at the top of our search results page. Falsifying the message on this page would require prior compromise of that computer, so the notice is not a risk to additional users." (Source: blogspot.com)