Google (NASDAQ:GOOG) July 19 began taking the unusual step of searching users’ Microsoft (NASDAQ:MSFT) Windows computers for malware after it detected some suspicious search traffic in its servers.
A computer infected with this kind of malware, which may have come from downloading software or reading an email, may result in deleted data, stolen personal information and a slower connection to many Websites.
The malware, which hasn’t been named because it includes several variants, prompts infected Windows computers to send traffic to Google through intermediary or proxy servers, making the source of the infections tougher to trace.
Users whose computers are found to be distributing malware will see a yellow notification atop their Google Web search results, warning:
“It appears that your computer is infected with software that intercepts your connection to Google and other sites.”
Google then redirects users via a link to fix the issue by performing a system scan and updating their antivirus software if necessary.
The company confirmed the suspicious search traffic was malware after huddling with security experts at several companies that were sending this modified traffic.
The company was particularly tight-lipped about the details, presumably to continue investigating the issue. Google isn’t sure where the malware is coming from or exactly what effect, if any, the malware has on had on Google users.
More information is available on Google’s help center page here.
Search Engine Land’s Danny Sullivan ferreted out more info, including the fact that Google is concerned about “Windows Protection Suite,” a fake antivirus software program that appears to be routing traffic to Google.
Krebs on Security interviewed Google security engineer Damian Menscher, who found the pernicious software while conducting routine maintenance at a Google data center.