
"Recently, we found some unusual search traffic while performing routine maintenance on one of our data centers. After collaborating with security engineers at several companies that were sending this modified traffic, we determined that the computers exhibiting this behavior were infected with a particular strain of malicious software (...) that causes infected computers to send traffic to Google through a small number of intermediary servers called proxies," explains Google.
Showing a warning message is not a foolproof idea, since malicious software could easily remove it or use it to install more malware. Google links to a page titled "Your computer appears to be infected", which suggests installing antivirus software and performing a system scan. The page doesn't suggest installing a different operating system or buying a Chromebook.
"Some forms of malicious software will alter your computer settings to redirect some or all of your traffic through a proxy controlled by the attacker. When you use Google, the proxy forwards your query to the real Google servers to fetch the search results. If our system detects that a search came through one of these proxies, we display the warning," informs Google.
{ Thanks, Herin. }

I can't help but think this is a horrible idea. It looks like the kind of popup you would get from an actual malware or suspicious site. The end result is that people will trust Google less, or, worse, trust those kinds of popups MORE.
I agree and am in search of more details. There are so many ways this can be faked even. If anyone has more details before the panic starts, please email me ASAP at rtcomp@gmail.com
@Anonymous You are arguing that Google's popup will create trust in warning popups, including the bogus ones. Maybe not. The Google warning page specifically warns about fake products, so may actually inoculate people against them who haven't encountered them before.
Any chance they will post more information about the unusual traffic so companies can prepare intrusion detection signatures for it?