Google has taken many steps to help users avoid malware, with anti-malware services including blocking infected sites on the SERP, adding new levels of security to Chrome, and giving Chrome users a warning when they’re trying to download malicious software. Now Google has taken this a step further. After detecting strange search traffic signals during routine maintenance, the company found a way to detect malware based on user signals on the search page. Users who give those signals are notified and given directions on how to kill the malware.
Details on the Malware
The malware seems to have been distributed through fake antivirus software. It’s hard to find if you have it, though, because the fake antivirus program goes by hundreds of different names. Google, though, can detect some of its behavior: It attempts to “send traffic to Google through a small number of intermediary servers called ‘proxies,'” according to the Official Google Blog entry on the topic.
Users shouldn’t mistakenly think this is the only impact of the malware, however. Fake antivirus programs often spy on the computer and slow its access. A system with this software loaded should be considered compromised. This proxy behavior is important, though, because it’s detectable. That allows Google to give users a notification that they may be infected, and then provide the user with a link to details on removing the malware themselves.
Most of what’s described in those directions is common sense. Steps include getting an antivirus program and running a system scan. You can check out the full directions here.
Helping Users Help Google’s Self
While this is a kind thing for Google to do, the company is certainly getting several advantages through helping users. Beyond the obvious “making people love Google more,” eliminating the malware also reduces stress on Google’s proxy servers. The malware-generated search signals were likely impacting those servers for the worse, especially considering that Google found “hundreds of thousands of users” that were infected.
[Sources include: The Official Google Blog]