Google has begun notifying its users that a particular piece of malware is installed on their computers by showing a big yellow notification above their search results (click on the screenshot to enlarge it):
The warning begun popping up yesterday, and does so only for users whose computers have been infected by a particular strain of malware that hijacks search results in order to drive users towards websites that use pay-per-click schemes.
“Some forms of malicious software will alter your computer settings to redirect some or all of your traffic through a proxy controlled by the attacker,” Google explains. “When you use Google, the proxy forwards your query to the real Google servers to fetch the search results. If our system detects that a search came through one of these proxies, we display the warning.”
For those wondering how they might have gotten infected, the answer is that they have likely been tricked into downloading this software when visiting a site or reading an email.
Or, as Google security engineer Damian Menscher shared with Brian Krebs, the search hijacking malware is part of a fake AV solution users have been tricked into downloading and installing on their computers.
Google is advising users to install or update their antivirus software in order to get rid of the malware, but warn users who don’t have an AV solution already installed to be careful when searching for one online – more so since the malware in question is more likely to serve up links to fake AV solutions.