Google is issuing warnings to people whose computers are infected with a type of malware that manipulates search requests. A strain of rogue anti-virus software also includes a search hijacker component. The hijacker is designed to further enrich scammers by redirecting users of compromised machines through various dodgy pay-per …
pot, kettle etc
"a type of malware that manipulates search requests"
Damned if they do, damned if they don't
I can't see what more Google can do that would be acceptable other than put up a warning on the Google search page itself. I'd be tempted to rick-roll them on every search result at the very least. Maybe not give them any results until they get themselves fixed.
What we really need is some mechanism for Google and other authoritative sites to be able to inform ISP's of malware on their customers sites so ISP's can investigate and suspend or limit their services where appropriate. They probably have that power under their AUP already so it's not an unreasonable solution. But would ISP's actually care enough to do it?
Why is it down to the ISP's?
The customer is supposed to be responsible for thier machine - either we have a fully nannied-up system or we have freedom.
You mean something like "firstname.lastname@example.org"? (Not that most ISPs dont have that account storing it's mail in /dev/null)
@Why is it down to the ISP's?
Look up "false dichotomy fallacy" -- you can even use Google for that! -- the last refuge of the hard of thinking.
re: Why is it down to the ISP's?
Because they might reasonably deal with malicious or disruptive traffic on their networks, in the same way that they deal with DDoS or routing/DNS foul-ups? I'm not saying that they /should/ do so, but it's not altogether unreasonable that they might and it wouldn't be the end of the Internet as we know it.
WARNING! VIRUS DETECED!
The only thing that worries me is that a typical dumb user (who is most likely to need this) won't be able to tell this apart from one of those ubiquitous fake virus scams.
I'm not sure what could be done about that though, it's clearly better than not warning people at all.
this message would be less risky
this is too much like those phishing virus/trojans that claim your computer is infected.
What it SHOULD say is:
Your computer is infected. Shut it down now, take it to your best geek buddy, buy him a venti nonfat tripple espresso, and ask HIM to fix it, because you can't trust links like this, and your judgment is impaired otherwise you'd never have gotten infected in the first place.
Re: this message would be less risky
> buy him a venti nonfat tripple espresso
You appear to have mis-spelt "beer"...
even less risky.
And you, Vic, seem to have misspelled gin.
Mine will be a pint.
Best done completly drunk and out of your mind on coffee beer and gin
or use linux
at least until the bastards start writing mal-ware to target us smug linux gits
...is malware, isn't it?
You mean like this?
A collection of 755 exploits dating back to 2003. http://www.exploit-db.com/platform/?p=linux
That took less than a minute to find on Google. All systems have exploitable bugs and accompanying malware. Of course, some platforms have more bugs or malware than others.
And El Reg already discussed malware customized for IE, FF, Chrome and Safari. http://www.theregister.co.uk/2011/03/02/rogue_av_mimics_firefox/
I had this problem four months ago with Firefox. My Trend Micro antivirus was up-to-date and my Outpost Firewall is solid. I was searching for and wanted to watch a security video that wouldn't load. Outpost told me it wanted a connection, so I allowed it. Later, I noticed that many of my Google search results when clicked want to strange websites filled with ads. I later figured out I had an infection.
Trend Micro, McAfee, Spybot, and Symantec scanners all turned up nothing. I had to research it myself and eventually found the problem myself. I quarantined the infected file so I could test other antivirus programs with it (Only the Sophos & Avira scanners detect it). My computer ended up with all sorts of network-related problems (not virus, but damage from deleted files & deleted registry entries), which I had to correct myself. I now use Avira Antivirus.
Look, I'm an advanced computer user and I got infected. Common antivirus programs didn't detect the problem.
"I'm an advanced computer user"
So advanced that your OS used a registry !
re: I'm an advanced computer user
... who thinks it's reasonable to open his firewall to something just to watch a video?
re: I'm an advanced computer user
I have very harsh firewall rules. I know that some streaming video won't play on my browser until I switch from "harsh" to "normal".
From my research, I learned that most people don't get infections from old viruses that are two years old, or even two weeks old. You get infections from new viruses that are two hours old.
I'm ok, I got a call from Microsoft Support
Whenever my PC is infected, I get a timely phone call from Microsoft support telling me what to do, it doesn't cost much and I feel safe every time they call. Nothing like a bit of preventative maintenance eh?
So, how do you KNOW...
it's Microsoft calling?
"Yes sir, just type in your bank account number and PIN on this form so we can detect when anyone is trying to steal them"
Re: So, how do you KNOW
I think that was his point.
At least, I really hope so.
@Boris the Cockroach
Even then, getting to root from user space is going to be a lot harder for the malware writers. I'm not going to say that they won't manage sooner or later anyways, just that it'll hopefully be easier to closer the gaps there, contain the malware to userspace where it can be relatively easily cleaned up.
This won't work for long.
It would be very hard and expensive to realistically to fake an entire search engine, but its very easy for the malware to perform a real search, modify the results, then display that to the infected user.
Currently Google is able to detect this, because the malware writers didn't put enough effort into making their activity look like a normal search. It shouldn't take them very long to figure out how to made their searches seem completely normal.
Thumbs up for recommending three excellent free AV options. (My favorite is Avast).
I hope that Google have now scheduled outages for each of their other servers in turn, so they can discover which others are also being (mis)used.
why do it like that?
They should simply rotate to a new set of IPs, putting all of the malware feeders on hold.... hang on, instead of doing that, or even the warning banner, they should redirect infected machines to Bing.