Google: 'Your computer appears to be infected'

Filed Under: Google, Malware

It's only been a few weeks since the world's web users woke up to discover a big black bar at the top of their Google search results (introduced when Google+ was launched).

Now, some users of Google search might start seeing something else close to the top of the world's most famous home page.

Google malware warning. Click for larger version

The warning message reads:

Your computer appears to be infected.
It appears that your computer is infected with software that intercepts your connection to Google and other sites. Learn how to fix this.

At first glance, you might be worried when you see this message and think you could be on the receiving end of a fake anti-virus attack.

After all, haven't you been warned hundreds of times in the past to trust the anti-virus software you installed on your computer, not unexpected messages that pop up on websites you visit?

All is explained in a Google blog post, however.

Damian Menscher, a security engineer at Google, describes how he identified that infected computers were sending search traffic through proxies to the search engine. The intention of the cybercriminals behind the scheme was to modify the search results served up by Google to point to money-making pay-per-click sites instead.

In all, Google estimates that a couple of million Windows PCs may be affected around the world by the strain of malware they are hoping to warn users about. The firm says that it's already been able to successfully warn "hundreds of thousands of users".

Fortunately, although Google does not scan your hard drive when you search for things via, it can detect the unique traffic signature from visiting infected PCs and make a pretty informed guess about your computer's health in regard to this malware strain.

Google warningGoogle is hoping that the warning message will encourage users to update their anti-virus software, scan their computers and become more conscious of security issues.

I think what Google is doing should be applauded - anything which warns computer users about genuine malware threats has to be a good thing.

But, sadly and inevitably, there is the potential for cybercriminals to mimic the Google warning and direct users to dangerous downloads and scams. Of course, that isn't a reason why Google shouldn't warn their users, when it believes it has identified a security problem.

The danger is that many people may know what their own anti-virus software looks like when it displays a warning, but may be less familiar with how the Google warning presents itself, and where it links to.

Furthermore, Google points users to visit one of its webpages for further advice on how to fix the problem.

That page, however, includes the advice to search Google for anti-virus software suggestions. Hmm.. hasn't that sometimes gone rather wrong for people as the following video demonstrates?

(Enjoy this video? Check out more on the SophosLabs YouTube channel and subscribe if you like.)

So, always be careful about what you search for, and the links you click on when trying to find anti-virus software.

No-one should be fooled into believing that Google's initiative is any substitute for regular anti-virus software and sensible security practices. Google is attempting to alleviate a very specific malware issue that communicates with its infrastructure.

Google, you get my thumbs up for an imaginative idea that could help with a small part of the malware problem.


You might like

7 Responses to Google: 'Your computer appears to be infected'

  1. Here come the copycats. How many will verify they are on a proper Google page before clicking on anything ? I also see a case of "Google tried to fix my infected PC, it didn't work and now it's all their fault" happening. But at least they are proactive, in a way. Kudos.

  2. Oliver V · 1506 days ago

    I'm glad Google's doing this, but that does seem to be an almost comical flaw (advising to search for an antivirus program when the virus it detects is a virus that modifies search results).

    +1 to Google

  3. Richard · 1506 days ago

    And how long before the malicious proxies are updated to strip the warning message out?

  4. Adrienne Boswell · 1506 days ago

    I find it interesting that according to Google's Adwords policy : "Google AdWords prohibits the promotion of websites that participate in phishing. " and "Google doesn't allow the promotion of sites infected with malware, or the sale of malicious software."

    I'm surprised the ad in the video got through. I mean, come on, Google has ROBOTS that can check and see if a site has a Trojan. I would imagine they would spider the site BEFORE allowing it in the ad rotation.

    The video is embarrassing for Google. Yes, if they are putting the little message up warning of a possible infection, then they should also not allow sites like those in the video to advertise. Looks like Google got caught with their pants down.

    In my case, a) I never see sponsored ads because I have changed my user stylesheet to remove them and b) my hosts file does not allow most of these links anyway.

    • Just to be clear - the video is a couple of years old, and Google zapped the offending advert shortly after we told them about it.

  5. James · 1506 days ago

    The Internet has become so unruly and dysfunctional I'm not sure anything can fix it except seperate internets. One for sane people, one for insane people, ect.

  6. Jacquen · 1180 days ago

    Bit weird how this warning frequently appears on devices that are not PCs, almost smells like Google promoting anti-malware software.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley