pot, kettle etc

"a type of malware that manipulates search requests"

see title

Damned if they do, damned if they don't

I can't see what more Google can do that would be acceptable other than put up a warning on the Google search page itself. I'd be tempted to rick-roll them on every search result at the very least. Maybe not give them any results until they get themselves fixed.

What we really need is some mechanism for Google and other authoritative sites to be able to inform ISP's of malware on their customers sites so ISP's can investigate and suspend or limit their services where appropriate. They probably have that power under their AUP already so it's not an unreasonable solution. But would ISP's actually care enough to do it?

WARNING! VIRUS DETECED!

The only thing that worries me is that a typical dumb user (who is most likely to need this) won't be able to tell this apart from one of those ubiquitous fake virus scams.

I'm not sure what could be done about that though, it's clearly better than not warning people at all.

or use linux

at least until the bastards start writing mal-ware to target us smug linux gits

Experience

I had this problem four months ago with Firefox. My Trend Micro antivirus was up-to-date and my Outpost Firewall is solid. I was searching for and wanted to watch a security video that wouldn't load. Outpost told me it wanted a connection, so I allowed it. Later, I noticed that many of my Google search results when clicked want to strange websites filled with ads. I later figured out I had an infection.

Trend Micro, McAfee, Spybot, and Symantec scanners all turned up nothing. I had to research it myself and eventually found the problem myself. I quarantined the infected file so I could test other antivirus programs with it (Only the Sophos & Avira scanners detect it). My computer ended up with all sorts of network-related problems (not virus, but damage from deleted files & deleted registry entries), which I had to correct myself. I now use Avira Antivirus.

Look, I'm an advanced computer user and I got infected. Common antivirus programs didn't detect the problem.

I'm ok, I got a call from Microsoft Support

Whenever my PC is infected, I get a timely phone call from Microsoft support telling me what to do, it doesn't cost much and I feel safe every time they call. Nothing like a bit of preventative maintenance eh?

This won't work for long.

It would be very hard and expensive to realistically to fake an entire search engine, but its very easy for the malware to perform a real search, modify the results, then display that to the infected user.

Currently Google is able to detect this, because the malware writers didn't put enough effort into making their activity look like a normal search. It shouldn't take them very long to figure out how to made their searches seem completely normal.

Thumbs up for recommending three excellent free AV options. (My favorite is Avast).