Google: Your Computer Appears to Be Infected — Krebs on Security

Google today began warning more than <a href="http://www.boseling.com/"><strong>monster beats</strong></a> a million Internet users that their computers are infected with a malicious program that hijacks search results and tries to scare users into purchasing ######## antivirus software. Google security engineer Damian Menscher said he discovered the monster network of hacked machines while conducting routine maintenance at a Google data center. Menscher said when Google takes a data center off-line, search traffic directed to that center is temporarily stopped. Unexpectedly, Menscher found that a data center recently taken off-line was still receiving thousands of requests per second. Menscher dug further and discovered the source of the traffic: more than a million Microsoft Windows machines were infected with a strain of malware designed to hijack results when users search for keywords at Google.com and other major search engines. Ironically, the traffic wasn’t search traffic at all: The malware instructed host PCs to periodically ping a specific Google Internet address to check whether the systems were online. Menscher said the malware apparently arrives on victim desktops as ######## antivirus or “scareware” programs that use misleading warnings about security threats to trick people into purchasing worthless security software. He suspects that the ######## AV program either ships with or later downloads the search hijacker component. The malware intercepts traffic destined for high profile domains like google.com, yahoo.com and bing.com, and routes it through intermediate hosts or “proxies” controlled by the attackers. The proxies are used to modify the search results that a victim sees for any given search term, and to redirect traffic to pay-per-click schemes that pay for traffic to specific Web sites. Fortunately, the traffic generated by the malware has a unique “signature” that Google is able to use to alert victims. Google is placing a prominent notification at the top of victims’ Google search results; it includes links to resources to help remove the infection. Google should be applauded for alerting users, but the hard work will be in the cleanup: Search hijackers are notorious for blocking users from visiting antivirus Web sites or other popular sources of malware removal tools. Related posts:Scammers <a href="http://mcd.imnext.cn/blog/blog.php?do=showone&uid=2006&type=blog&itemid=4764 64"><strong>Hp Laptop Batteries Recalled</strong></a> Swap Google Images for Malware Google Debuts “This Site May Be Compromised” Warning Google Adds 1-Time Passwords to Gmail, Apps Google Adds 2-Factor Security to Gmail, Apps ######## Anti-virus Peddlers Outmaneuvering Legitimate AV Tags: Damian Menscher, ######## AV, google This entry was posted on Tuesday, July 19th, 2011 at 10:10 pm and is filed under Latest Warnings, Security Tools. You can follow any comments to this entry through the RSS 2.0 feed. You can skip to the end and leave a comment. Pinging is currently not allowed.