Google Online Security Blog: July 2011

2-step verification: stay safe around the world in 40 languages

July 28, 2011

Posted by Nishit Shah, Product Manager, Google Security(Cross-posted from the Official Google Blog)introduced2-step verification2-step verification videomalware and phishing scamssign up for 2-step verificationblog seriestips and tricksfive easy waysUpdate on 12/1/11

Using data to protect people from malware

July 19, 2011

This particular malware causes infected computers to send traffic to Google through a small number of intermediary servers called “proxies.” We hope that by taking steps to notify users whose traffic is coming through these proxies, we can help them update their antivirus software and remove the infections.

We hope to use the knowledge we’ve gathered to assist as many people as possible. In case our notice doesn’t reach everyone directly, you can run a system scan on your computer yourself by following the steps in our Help Center article.

Updated July 20, 2011: We've seen a few common questions we thought we'd address here:

The malware appears to have gotten onto users' computers from one of roughly a hundred variants of fake antivirus, or "fake AV" software that has been in circulation for a while. We aren't aware of a common name for the malware.
We believe a couple million machines are affected by this malware.
We've heard from a number of you that you're thinking about the potential for an attacker to copy our notice and attempt to point users to a dangerous site instead. It's a good security practice to be cautious about the links you click, so the spirit of those comments is spot-on. We thought about this, too, which is why the notice appears only at the top of our search results page. Falsifying the message on this page would require prior compromise of that computer, so the notice is not a risk to additional users.
In the meantime, we've been able to successfully warn hundreds of thousands of users that their computer is infected. These are people who otherwise may never have known.

Posted by Damian Menscher, Security Engineer(Cross-posted from the Official Google Blog)

Help Center articleUpdated July 20, 2011:

The malware appears to have gotten onto users' computers from one of roughly a hundred variants of fake antivirus, or "fake AV" software that has been in circulation for a while. We aren't aware of a common name for the malware.

We believe a couple million machines are affected by this malware.

We've heard from a number of you that you're thinking about the potential for an attacker to copy our notice and attempt to point users to a dangerous site instead. It's a good security practice to be cautious about the links you click, so the spirit of those comments is spot-on. We thought about this, too, which is why the notice appears only at the top of our search results page. Falsifying the message on this page would require prior compromise of that computer, so the notice is not a risk to additional users.

In the meantime, we've been able to successfully warn hundreds of thousands of users that their computer is infected. These are people who otherwise may never have known.

Security Blog

2-step verification: stay safe around the world in 40 languages

Using data to protect people from malware

Labels

Archive

Feed