Google Warns Users About Active Malware Infection
dinscott writes "Google has begun notifying its users that a particular piece of malware is installed on their computers by showing a big yellow notification above their search results. The warning began popping up yesterday, and does so only for users whose computers have been infected by a particular strain of malware that hijacks search results in order to drive users towards websites that use pay-per-click schemes."
The malware works by redirecting search queries through a proxy. It should be easy for the proxy to just remove the warning or reroute it so Google can't identify the malware.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
I bet Malware authors are already copying these messages in order to trick people into installing scareware.
Flashback, man.
This is almost 100% the same as the last piece of malware I was asked to remove from three people's machines over the course of a couple of months.
It was such a pain in the butt because I spent an hour manually cleaning the registry while using a live CD, looking for the newest modified-time files on the machine, looking for installed "Oh-I'm-so-cool" applications, browser extensions, system libs, etc etc etc.....
In the end, I found out that it was cleaned off after my first registry run key deletion session, but the damn proxy was set in both Mozilla and IE to a remote IP. Now, proxy is one of the first things I check when there's ad-based or redirectional malware reported.
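The proxy check the comment above describes, as an added example that is not part of the thread: it parses a Firefox prefs.js and a .reg export of the WinINET "Internet Settings" key and reports any enabled proxy whose host is not loopback (the pref names and registry value names are the real ones; both input files are constructed samples, and the allowlist parameter is an assumption for sites that legitimately run a corporate proxy).

```python
"""Audit Firefox and IE/WinINET proxy settings for a hijacked proxy.

Added example, not code from the thread. Reads text that a technician
would pull from an infected machine: the profile's prefs.js and a .reg
export of HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings
(real exports are UTF-16; decode them before passing the text in).
"""
import ipaddress
import re

# Constructed prefs.js fragment: manual proxy (type 1) pointing at a remote IP.
SAMPLE_PREFS_JS = '''\
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "203.0.113.45");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.share_proxy_settings", true);
'''

# Constructed .reg export: proxy enabled plus a PAC URL on the same remote host.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="203.0.113.45:8080"
"AutoConfigURL"="http://203.0.113.45/proxy.pac"
'''

PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.+?)\);')


def parse_prefs_js(text):
    """Return {pref_name: value} with strings, bools and ints decoded."""
    prefs = {}
    for key, raw in PREF_RE.findall(text):
        raw = raw.strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            try:
                prefs[key] = int(raw)
            except ValueError:
                prefs[key] = raw
    return prefs


def parse_reg_export(text):
    """Return {value_name: value} for the string and dword values in a .reg dump."""
    values = {}
    for line in text.splitlines():
        m = re.match(r'"([^"]+)"=(.+)', line.strip())
        if not m:
            continue
        name, raw = m.groups()
        if raw.startswith("dword:"):
            values[name] = int(raw[len("dword:"):], 16)
        elif raw.startswith('"') and raw.endswith('"'):
            values[name] = raw[1:-1]
        else:
            values[name] = raw
    return values


def _host_of(value):
    """Pull the host out of 'host:port', 'http=host:port;...' or a URL."""
    value = value.strip()
    first = value.split(";")[0]
    if "=" in first:                      # per-protocol list: take the first entry
        value = first.split("=", 1)[1]
    if "://" in value:
        value = value.split("://", 1)[1].split("/", 1)[0]
    return value.rsplit(":", 1)[0] if ":" in value else value


def host_is_local(host):
    """True for localhost / loopback addresses, False for anything else."""
    host = host.lower().strip("[]")
    if host in ("", "localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def audit_proxies(prefs, reg, allowed_hosts=()):
    """List every active proxy setting; 'remote' marks hosts that are not loopback."""
    allowed = {h.lower() for h in allowed_hosts}   # assumed corporate proxies, if any
    findings = []

    def record(source, setting, host):
        if host.lower() not in allowed:
            findings.append({"source": source, "setting": setting,
                             "host": host, "remote": not host_is_local(host)})

    if prefs.get("network.proxy.type") == 1:          # 1 = manual proxy configuration
        for proto in ("http", "ssl", "socks"):
            host = prefs.get(f"network.proxy.{proto}")
            if host:
                record("firefox", f"network.proxy.{proto}", host)
    elif prefs.get("network.proxy.type") == 2 and prefs.get("network.proxy.autoconfig_url"):
        record("firefox", "network.proxy.autoconfig_url", _host_of(prefs["network.proxy.autoconfig_url"]))

    if reg.get("ProxyEnable") == 1 and reg.get("ProxyServer"):
        record("wininet", "ProxyServer", _host_of(reg["ProxyServer"]))
    if reg.get("AutoConfigURL"):
        record("wininet", "AutoConfigURL", _host_of(reg["AutoConfigURL"]))
    return findings


if __name__ == "__main__":
    for f in audit_proxies(parse_prefs_js(SAMPLE_PREFS_JS), parse_reg_export(SAMPLE_REG_EXPORT)):
        flag = "REMOTE" if f["remote"] else "local"
        print(f'{f["source"]:8} {f["setting"]:32} {f["host"]:20} {flag}')
```

A loopback proxy is still reported (only marked as not remote), because the comment further down notes the proxy may run locally on the PC; a clean workstation with no proxy policy should produce no findings at all.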
What's next?
The message we try to give to users is close it, if you're not comfortable then call us (we do helpdesk support) and we'll jump on remotely and check for any infection.
Yes you're right, there are plenty of times an infection can't be avoided, but there are times when it can be simply by hitting the X in the top right corner.
Shared PCs used by nurses (we support primarily aged care computer systems) to enter data into whatever software or browser-based solution the customer uses. There's definitely a need for control of what software is installed. But due to other users that require more access (Lifestyle, Managers) and a few lazy customers that refuse to move to individual accounts, we have to basically allow most content through and block installation of any software (yes, we should be using a solution like SteadyState or DeepFreeze, but that hasn't happened for various reasons) using policy.
I picked up that strain on my desktop PC Friday night. Weirdest thing. It started out by popping up a window (that I thought was Windows Defender) indicating I had a trojan. Might even have been from Defender, it would close right away... Anyway, I started with safe-mode boot, Ad-Aware and Spybot, no dice. I ended up installing Norton Network Security, and it couldn't find it. I had to run Norton Power Eraser. Crazy. A commercial virus scanner that can't find viruses.
It installs itself in the MBR as a rootkit; the proxy may even be local on the PC, downloaded on start-up.