As announced on July 19, 2011, Google started a service that warns users of possible malware infection.
According to Google's blog article, an investigation was started after abnormal traffic coming to Google was observed during regular maintenance. The investigation revealed that the abnormal traffic came from PCs infected with a particular piece of malware. The number of infected PCs is reported to be a few million.
Google's own investigation found that these infected PCs were affected by particular FAKEAV variants. The system settings of affected PCs had been tampered with so that access to Google was made through particular proxies. Google started warning users of possible malware infection if access to Google was made through these proxies.
Already Used by FAKEAV?
From a security perspective, Google taking a step further to warn users is commendable. We foresee that Google will continue to take actions to make their service secure. However, displaying the warning message “Your PC may be infected with virus.” is a tactic already widely used by various malware, such as FAKEAV software.
Also, the unfortunate reality is that useful and valuable services tend to get manipulated, and this warning message from Google may be copied by bad guys in their attempt to infect users with FAKEAV. FAKEAV that looks just like Microsoft's free security software is an example of such manipulation. As such, we may end up seeing some users ignoring this legitimate warning message from Google, whilst others click a fake warning message from bad guys and become victims of malware.
The Need for Reputation Technology
Identifying malicious servers and IP addresses and taking security measures is nothing new, and Trend Micro has been providing such a solution for several years. Trend Micro™ Smart Protection Network™ is a security solution from the cloud, and is based on a technology called reputation. This technology identifies, correlates and analyses not only malicious and suspicious programs but also their source websites, email servers, IP addresses, behaviours, etc., and blocks access to these malicious web servers, email servers, and malware using a cloud-based reputation database built upon such intelligence.
Web Reputation Technology, a part of Trend Micro Smart Protection Network, prevents malware infection and damage by blocking access to malicious websites and servers typically used by malware such as FAKEAV. Thus, Trend Micro recommends that users install a security solution that incorporates such reputation technology.