Wednesday, July 20, 2011

Protecting Users From Malware Using Knowledge Gained From Data

You may have seen an unusual sign if you visited Google recently, like in the image above. That is Google and the power of data working together with security engineers to protect you.
If you see the message, your machine is infected with a strange variant of malware.
Google was able to detect that computers infected with this strain of malware are sending traffic to Google via a set of proxy servers.
Google expects to help users eradicate this malware by warning them when their traffic is coming from these proxies. Users are directed to a special help page to work with antivirus software to remove infections.
So far, this is what Google / we know about these infections:
  • The malware appears to have gotten onto users' computers from one of roughly a hundred variants of fake antivirus, or "fake AV" software that has been in circulation for a while. We aren't aware of a common name for the malware.
  • We believe a couple million machines are affected by this malware.
  • We've heard from a number of you that you're thinking about the potential for an attacker to copy our notice and attempt to point users to a dangerous site instead. It's a good security practice to be cautious about the links you click, so the spirit of those comments is spot-on. We thought about this, too, which is why the notice appears only at the top of our search results page. Falsifying the message on this page would require prior compromise of that computer, so the notice is not a risk to additional users.
  • In the meantime, we've been able to successfully warn hundreds of thousands of users that their computer is infected. These are people who otherwise may never have known.

Official Google Blog: Using data to protect people from malware