Google sends warnings to machines with infected search

Google is issuing warnings to people whose computers are infected with a type of malware that manipulates search requests. A strain of rogue anti-virus software also includes a search hijacker component. The hijacker is designed to further enrich scammers by redirecting users of compromised machines through various dodgy pay-per …

COMMENTS

This topic is closed for new posts.
Trollface

pot, kettle etc

"a type of malware that manipulates search requests"

see title

9
4
Bronze badge
Mushroom

Damned if they do, damned if they don't

I can't see what more Google can do that would be acceptable other than put up a warning on the Google search page itself. I'd be tempted to rick-roll them on every search result at the very least. Maybe not give them any results until they get themselves fixed.

What we really need is some mechanism for Google and other authoritative sites to be able to inform ISPs of malware on their customers' sites so ISPs can investigate and suspend or limit their services where appropriate. They probably have that power under their AUP already so it's not an unreasonable solution. But would ISPs actually care enough to do it?

3
1
Silver badge
Stop

Why is it down to the ISPs?

The customer is supposed to be responsible for their machine - either we have a fully nannied-up system or we have freedom.

your choice?

0
3
Silver badge

Hmm...

You mean something like "abuse@isp.com"? (Not that most ISPs don't have that account storing its mail in /dev/null)

0
0
J 3
Alert

@Why is it down to the ISPs?

Look up "false dichotomy fallacy" -- you can even use Google for that! -- the last refuge of the hard of thinking.

0
0
FAIL

re: Why is it down to the ISPs?

Because they might reasonably deal with malicious or disruptive traffic on their networks, in the same way that they deal with DDoS or routing/DNS foul-ups? I'm not saying that they /should/ do so, but it's not altogether unreasonable that they might and it wouldn't be the end of the Internet as we know it.

0
0
Bronze badge
Alert

WARNING! VIRUS DETECED!

The only thing that worries me is that a typical dumb user (who is most likely to need this) won't be able to tell this apart from one of those ubiquitous fake virus scams.

I'm not sure what could be done about that though, it's clearly better than not warning people at all.

0
0
Anonymous Coward

this message would be less risky

this is too much like those phishing virus/trojans that claim your computer is infected.

What it SHOULD say is:

Your computer is infected. Shut it down now, take it to your best geek buddy, buy him a venti nonfat triple espresso, and ask HIM to fix it, because you can't trust links like this, and your judgment is impaired otherwise you'd never have gotten infected in the first place.

http://googleonlinesecurity.blogspot.com/2011/07/using-data-to-protect-people-from.html#comment-9180613052195202845

8
0
Vic
Silver badge

Re: this message would be less risky

> buy him a venti nonfat triple espresso

You appear to have mis-spelt "beer"...

Vic.

4
0
Bronze badge

even less risky.

And you, Vic, seem to have misspelled gin.

Mine will be a pint.

1
0
Bronze badge
Go

Removing viruses

Best done completely drunk and out of your mind on coffee, beer and gin

0
0
Silver badge
Linux

or use linux

at least until the bastards start writing mal-ware to target us smug linux gits

9
0
Trollface

Linux...

...is malware, isn't it?

1
2
Trollface

You mean like this?

A collection of 755 exploits dating back to 2003. http://www.exploit-db.com/platform/?p=linux

That took less than a minute to find on Google. All systems have exploitable bugs and accompanying malware. Of course, some platforms have more bugs or malware than others.

And El Reg already discussed malware customized for IE, FF, Chrome and Safari. http://www.theregister.co.uk/2011/03/02/rogue_av_mimics_firefox/

0
1
Bronze badge
FAIL

Experience

I had this problem four months ago with Firefox. My Trend Micro antivirus was up-to-date and my Outpost Firewall is solid. I was searching for and wanted to watch a security video that wouldn't load. Outpost told me it wanted a connection, so I allowed it. Later, I noticed that many of my Google search results when clicked went to strange websites filled with ads. I later figured out I had an infection.

Trend Micro, McAfee, Spybot, and Symantec scanners all turned up nothing. I had to research it myself and eventually found the problem myself. I quarantined the infected file so I could test other antivirus programs with it (Only the Sophos & Avira scanners detect it). My computer ended up with all sorts of network-related problems (not virus, but damage from deleted files & deleted registry entries), which I had to correct myself. I now use Avira Antivirus.

Look, I'm an advanced computer user and I got infected. Common antivirus programs didn't detect the problem.

2
0
Anonymous Coward

"I'm an advanced computer user"

So advanced that your OS used a registry!

0
4
FAIL

re: I'm an advanced computer user

... who thinks it's reasonable to open his firewall to something just to watch a video?

0
0
Bronze badge
FAIL

re: I'm an advanced computer user

I have very harsh firewall rules. I know that some streaming video won't play on my browser until I switch from "harsh" to "normal".

From my research, I learned that most people don't get infections from old viruses that are two years old, or even two weeks old. You get infections from new viruses that are two hours old.

0
0
Thumb Up

I'm ok, I got a call from Microsoft Support

Whenever my PC is infected, I get a timely phone call from Microsoft support telling me what to do, it doesn't cost much and I feel safe every time they call. Nothing like a bit of preventative maintenance eh?

0
0
Bronze badge
Paris Hilton

So, how do you KNOW...

it's Microsoft calling?

"Yes sir, just type in your bank account number and PIN on this form so we can detect when anyone is trying to steal them"

0
0
Gold badge
Happy

Re: So, how do you KNOW

I think that was his point.

At least, I really hope so.

1
0

@Boris the Cockroach

Even then, getting to root from user space is going to be a lot harder for the malware writers. I'm not going to say that they won't manage sooner or later anyways, just that it'll hopefully be easier to close the gaps there, contain the malware to userspace where it can be relatively easily cleaned up.

1
0
Thumb Up

This won't work for long.

It would be very hard and expensive to realistically fake an entire search engine, but it's very easy for the malware to perform a real search, modify the results, then display that to the infected user.

Currently Google is able to detect this, because the malware writers didn't put enough effort into making their activity look like a normal search. It shouldn't take them very long to figure out how to make their searches seem completely normal.

Thumbs up for recommending three excellent free AV options. (My favorite is Avast).

0
0
Bronze badge

Mr

I hope that Google have now scheduled outages for each of their other servers in turn, so they can discover which others are also being (mis)used.

0
0
Bronze badge

why do it like that?

They should simply rotate to a new set of IPs, putting all of the malware feeders on hold.... hang on, instead of doing that, or even the warning banner, they should redirect infected machines to Bing.

2
0