The Tech Herald

Google’s Malware warning a double-edged sword

by Steve Ragan - Jul 20 2011, 06:45

During maintenance inside one of their datacenters, Google noticed strange search patterns, and later determined they were Malware related. In an effort to alert others who might be infected as well, the search giant will start issuing large alert notices to users accessing their site. Will this help or hurt things?

The unusual search traffic, later tied to Malware, was discovered by engineers while working in one of their datacenters, according to a company blog post by Damian Menscher, a Google Security Engineer.

Later, as it turned out, the strange search patterns were all related to a variant of an unknown family of Malware. Contacting a few corporate partners who were included in the fishy traffic findings, Google learned that each of the systems issuing the odd searches was infected.

According to Google, the Malware leverages proxies in order to send traffic to their domain. To combat this, Menscher said that starting Tuesday, “some people will see a prominent notification at the top of their Google web search results.”
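Google did not say what made the traffic stand out, only that it came through proxies. The following is an added example (not Google's code or method) of the kind of per-source check a search operator could run over its own query logs: it parses a hypothetical `timestamp src_ip query` log format, then flags sources that issue many queries in a short window or keep repeating the same few queries, both of which are typical of automated traffic funnelled through a shared proxy. The log lines, IP addresses and thresholds are all constructed for the example.

```python
"""Flag search sources whose traffic looks automated rather than human-driven.

Added example, not Google's code. Assumes a hypothetical log format with one
query per line: "<ISO timestamp> <src_ip> <query text>".
"""
from collections import defaultdict
from datetime import datetime, timedelta


def parse_line(line):
    """Split one log line into (timestamp, source IP, query text)."""
    ts, ip, query = line.split(" ", 2)
    return datetime.fromisoformat(ts), ip, query.strip()


def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def max_queries_in_window(times, window):
    """Largest number of queries from one source inside any sliding window."""
    times = sorted(times)
    best = 0
    start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def repeat_ratio(queries):
    """Fraction of a source's queries that duplicate one it already sent."""
    if not queries:
        return 0.0
    return 1 - len(set(queries)) / len(queries)


def flag_sources(events, window=timedelta(seconds=60), max_rate=20,
                 max_repeat=0.8, min_queries=10):
    """Return {src_ip: [reasons]} for sources that look automated."""
    by_ip = defaultdict(list)
    for ts, ip, query in events:
        by_ip[ip].append((ts, query))

    flagged = {}
    for ip, items in by_ip.items():
        times = [t for t, _ in items]
        queries = [q for _, q in items]
        rate = max_queries_in_window(times, window)
        rep = repeat_ratio(queries)
        reasons = []
        if rate > max_rate:
            reasons.append(f"{rate} queries within {window.seconds}s")
        # Only judge repetition once there are enough queries to be meaningful.
        if len(queries) >= min_queries and rep > max_repeat:
            reasons.append(f"repeat ratio {rep:.2f}")
        if reasons:
            flagged[ip] = reasons
    return flagged


def build_sample_log():
    """Constructed sample: two human-looking clients plus one proxy address
    relaying a burst of near-identical queries from infected hosts."""
    lines = [
        "2011-07-19T10:00:01 198.51.100.7 best pizza near me",
        "2011-07-19T10:03:40 198.51.100.7 weather tomorrow",
        "2011-07-19T10:09:12 198.51.100.7 how to tie a tie",
        "2011-07-19T10:00:05 203.0.113.9 python tutorial",
        "2011-07-19T10:00:06 203.0.113.9 python tutorial",
    ]
    base = datetime(2011, 7, 19, 10, 0, 0)
    cycle = ["status check a", "status check b", "status check c"]
    for i in range(40):  # 40 queries in 40 seconds, cycling three strings
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 192.0.2.50 {cycle[i % 3]}")
    return "\n".join(lines)


if __name__ == "__main__":
    for ip, reasons in flag_sources(parse_log(build_sample_log())).items():
        print(ip, "->", "; ".join(reasons))
```

Thresholds like these only separate obvious bursts from ordinary browsing; a real deployment would tune them per network and follow up with the operator of the flagged proxy, as the article describes Google doing with its corporate partners.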

“We hope that by taking steps to notify users whose traffic is coming through these proxies, we can help them update their antivirus software and remove the infections,” Menscher said.

As seen in the image, the user is given a highly visible notice. This notice, however, applies only to the small segment of the Internet that may be infected with this particular Malware. If the notice were expanded to cover other Malware, there could be problems.

It wouldn’t be hard for a criminal to replicate the Google notice in order to trick users into installing Malware. Another issue is that users have been told for years to ignore popup displays that warn of Malware infections.

For example, users aware of Rogue anti-Virus applications know they often appear in the form of random notices alerting them to a problem. How will they react when presented with a warning from a company like Google?

Also, Malware such as the type Google describes often hijacks the DNS of the infected host. Given that, searches related to Malware, as well as Web traffic to security solutions, are often blocked or routed to fake anti-Virus offerings.

Thus, the help document linked in Google’s alert might not be all that useful if there is a legitimate infection on the system.

It’s a good thing to see Google take this step, but it’s a double-edged sword depending on who sees the warnings and how they react to them.
