On Tuesday 19th July, Google rolled out its “search engine warning” system. For those who don’t know, Google can see infected PCs sending traffic through proxies. If unusual activity is seen through these proxies, Google will notify users with a notice saying “Your Computer appears to be infected” and provide advice (via a link labelled “Learn how to fix this”) to update your Internet Security and remove any malicious files and folders.
My only concern right now is that the notification and URL will no doubt be spoofed by malware writers (think scareware) given time. How many people will trust this notification? URL redirection is a common tactic used by malware writers. Google does have the ability to detect search patterns, which in itself could help determine whether a search pattern shows signs of malicious behaviour. That said, I’m not so sure what the malware is and what options they might have had to block it – anyone know?
Note: Google currently incorporates warnings about malicious downloads in the Google Chrome browser (including a Safe Browsing mode, aka a type of sandbox).
Another thought – will Google show the warning to everyone who uses that proxy, even if only one PC is infected via that proxy? The reason I say this is that the detection is being done via proxy traffic – so Google can show alerts to everyone regardless of infection. My suggestion is to make sure you have Internet Security enabled and make sure you have the latest update. Lastly, if you have concerns about Google tracking your search queries, I’d suggest you encrypt and protect your Google Search privacy.
Safe surfing, folks!