pot, kettle etc
"a type of malware that manipulates search requests"
see title
Google is issuing warnings to people whose computers are infected with a type of malware that manipulates search requests. A strain of rogue anti-virus software also includes a search hijacker component. The hijacker is designed to further enrich scammers by redirecting users of compromised machines through various dodgy pay- …
I can't see what more Google can do that would be acceptable other than put up a warning on the Google search page itself. I'd be tempted to rick-roll them on every search result at the very least. Maybe not give them any results until they get themselves fixed.
What we really need is some mechanism for Google and other authoritative sites to be able to inform ISPs of malware on their customers' sites so ISPs can investigate and suspend or limit their services where appropriate. They probably have that power under their AUP already so it's not an unreasonable solution. But would ISPs actually care enough to do it?
Because they might reasonably deal with malicious or disruptive traffic on their networks, in the same way that they deal with DDoS or routing/DNS foul-ups? I'm not saying that they /should/ do so, but it's not altogether unreasonable that they might and it wouldn't be the end of the Internet as we know it.
The only thing that worries me is that a typical dumb user (who is most likely to need this) won't be able to tell this apart from one of those ubiquitous fake virus scams.
I'm not sure what could be done about that though, it's clearly better than not warning people at all.
This is too much like those phishing virus/trojans that claim your computer is infected.
What it SHOULD say is:
Your computer is infected. Shut it down now, take it to your best geek buddy, buy him a venti nonfat triple espresso, and ask HIM to fix it, because you can't trust links like this, and your judgment is impaired otherwise you'd never have gotten infected in the first place.
http://googleonlinesecurity.blogspot.com/2011/07/using-data-to-protect-people-from.html#comment-9180613052195202845
A collection of 755 exploits dating back to 2003. http://www.exploit-db.com/platform/?p=linux
That took less than a minute to find on Google. All systems have exploitable bugs and accompanying malware. Of course, some platforms have more bugs or malware than others.
And El Reg already discussed malware customized for IE, FF, Chrome and Safari. http://www.theregister.co.uk/2011/03/02/rogue_av_mimics_firefox/
I had this problem four months ago with Firefox. My Trend Micro antivirus was up-to-date and my Outpost Firewall is solid. I was searching for and wanted to watch a security video that wouldn't load. Outpost told me it wanted a connection, so I allowed it. Later, I noticed that many of my Google search results when clicked went to strange websites filled with ads. I later figured out I had an infection.
Trend Micro, McAfee, Spybot, and Symantec scanners all turned up nothing. I had to research it myself and eventually found the problem myself. I quarantined the infected file so I could test other antivirus programs with it (only the Sophos & Avira scanners detect it). My computer ended up with all sorts of network-related problems (not virus, but damage from deleted files & deleted registry entries), which I had to correct myself. I now use Avira Antivirus.
Look, I'm an advanced computer user and I got infected. Common antivirus programs didn't detect the problem.
I have very harsh firewall rules. I know that some streaming video won't play on my browser until I switch from "harsh" to "normal".
From my research, I learned that most people don't get infections from old viruses that are two years old, or even two weeks old. You get infections from new viruses that are two hours old.
Even then, getting to root from user space is going to be a lot harder for the malware writers. I'm not going to say that they won't manage sooner or later anyways, just that it'll hopefully be easier to close the gaps there, contain the malware to userspace where it can be relatively easily cleaned up.
It would be very hard and expensive to realistically fake an entire search engine, but it's very easy for the malware to perform a real search, modify the results, then display that to the infected user.
Currently Google is able to detect this, because the malware writers didn't put enough effort into making their activity look like a normal search. It shouldn't take them very long to figure out how to make their searches seem completely normal.
Thumbs up for recommending three excellent free AV options. (My favorite is Avast).