back to article Google sends warnings to machines with infected search

Google is issuing warnings to people whose computers are infected with a type of malware that manipulates search requests. A strain of rogue anti-virus software also includes a search hijacker component. The hijacker is designed to further enrich scammers by redirecting users of compromised machines through various dodgy pay- …


This topic is closed for new posts.
  1. Field Marshal Von Krakenfart

    pot, kettle etc

    "a type of malware that manipulates search requests"

    see title

  2. Jason Bloomberg Silver badge

    Damned if they do, damned if they don't

    I can't see what more Google can do that would be acceptable other than put up a warning on the Google search page itself. I'd be tempted to rick-roll them on every search result at the very least. Maybe not give them any results until they get themselves fixed.

    What we really need is some mechanism for Google and other authoritative sites to be able to inform ISP's of malware on their customers sites so ISP's can investigate and suspend or limit their services where appropriate. They probably have that power under their AUP already so it's not an unreasonable solution. But would ISP's actually care enough to do it?

    1. Elmer Phud

      Why is it down to the ISP's?

      The customer is supposed to be responsible for thier machine - either we have a fully nannied-up system or we have freedom.

      your choice?

      1. J 3

        @Why is it down to the ISP's?

        Look up "false dichotomy fallacy" -- you can even use Google for that! -- the last refuge of the hard of thinking.

      2. Anonymous Coward

        re: Why is it down to the ISP's?

        Because they might reasonably deal with malicious or disruptive traffic on their networks, in the same way that they deal with DDoS or routing/DNS foul-ups? I'm not saying that they /should/ do so, but it's not altogether unreasonable that they might and it wouldn't be the end of the Internet as we know it.

    2. Oninoshiko


      You mean something like ""? (Not that most ISPs dont have that account storing it's mail in /dev/null)

  3. Old Handle


    The only thing that worries me is that a typical dumb user (who is most likely to need this) won't be able to tell this apart from one of those ubiquitous fake virus scams.

    I'm not sure what could be done about that though, it's clearly better than not warning people at all.

  4. Anonymous Coward
    Anonymous Coward

    this message would be less risky

    this is too much like those phishing virus/trojans that claim your computer is infected.

    What it SHOULD say is:

    Your computer is infected. Shut it down now, take it to your best geek buddy, buy him a venti nonfat tripple espresso, and ask HIM to fix it, because you can't trust links like this, and your judgment is impaired otherwise you'd never have gotten infected in the first place.

    1. Vic

      Re: this message would be less risky

      > buy him a venti nonfat tripple espresso

      You appear to have mis-spelt "beer"...


      1. Anonymous Coward
        Anonymous Coward

        even less risky.

        And you, Vic, seem to have misspelled gin.

        Mine will be a pint.

        1. Captain Scarlet

          Removing virus's

          Best done completly drunk and out of your mind on coffee beer and gin

  5. Boris the Cockroach Silver badge

    or use linux

    at least until the bastards start writing mal-ware to target us smug linux gits

    1. DaveDaveDave

      Linux... malware, isn't it?

    2. Anonymous Coward

      You mean like this?

      A collection of 755 exploits dating back to 2003.

      That took less than a minute to find on Google. All systems have exploitable bugs and accompanying malware. Of course, some platforms have more bugs or malware than others.

      And El Reg already discussed malware customized for IE, FF, Chrome and Safari.

  6. BillG


    I had this problem four months ago with Firefox. My Trend Micro antivirus was up-to-date and my Outpost Firewall is solid. I was searching for and wanted to watch a security video that wouldn't load. Outpost told me it wanted a connection, so I allowed it. Later, I noticed that many of my Google search results when clicked want to strange websites filled with ads. I later figured out I had an infection.

    Trend Micro, McAfee, Spybot, and Symantec scanners all turned up nothing. I had to research it myself and eventually found the problem myself. I quarantined the infected file so I could test other antivirus programs with it (Only the Sophos & Avira scanners detect it). My computer ended up with all sorts of network-related problems (not virus, but damage from deleted files & deleted registry entries), which I had to correct myself. I now use Avira Antivirus.

    Look, I'm an advanced computer user and I got infected. Common antivirus programs didn't detect the problem.

    1. Anonymous Coward
      Anonymous Coward

      "I'm an advanced computer user"

      So advanced that your OS used a registry !

    2. Anonymous Coward

      re: I'm an advanced computer user

      ... who thinks it's reasonable to open his firewall to something just to watch a video?

      1. BillG

        re: I'm an advanced computer user

        I have very harsh firewall rules. I know that some streaming video won't play on my browser until I switch from "harsh" to "normal".

        From my research, I learned that most people don't get infections from old viruses that are two years old, or even two weeks old. You get infections from new viruses that are two hours old.

  7. Anonymous Coward
    Thumb Up

    I'm ok, I got a call from Microsoft Support

    Whenever my PC is infected, I get a timely phone call from Microsoft support telling me what to do, it doesn't cost much and I feel safe every time they call. Nothing like a bit of preventative maintenance eh?

    1. Allan George Dyer
      Paris Hilton

      So, how do you KNOW...

      it's Microsoft calling?

      "Yes sir, just type in your bank account number and PIN on this form so we can detect when anyone is trying to steal them"

      1. Ken Hagan Gold badge

        Re: So, how do you KNOW

        I think that was his point.

        At least, I really hope so.

  8. Remy Redert

    @Boris the Cockroach

    Even then, getting to root from user space is going to be a lot harder for the malware writers. I'm not going to say that they won't manage sooner or later anyways, just that it'll hopefully be easier to closer the gaps there, contain the malware to userspace where it can be relatively easily cleaned up.

  9. ZenCoder
    Thumb Up

    This won't work for long.

    It would be very hard and expensive to realistically to fake an entire search engine, but its very easy for the malware to perform a real search, modify the results, then display that to the infected user.

    Currently Google is able to detect this, because the malware writers didn't put enough effort into making their activity look like a normal search. It shouldn't take them very long to figure out how to made their searches seem completely normal.

    Thumbs up for recommending three excellent free AV options. (My favorite is Avast).

  10. Martin Budden Silver badge


    I hope that Google have now scheduled outages for each of their other servers in turn, so they can discover which others are also being (mis)used.

    1. Anonymous Coward
      Anonymous Coward

      why do it like that?

      They should simply rotate to a new set of IPs, putting all of the malware feeders on hold.... hang on, instead of doing that, or even the warning banner, they should redirect infected machines to Bing.

This topic is closed for new posts.

Other stories you might like