As announced on July 19, 2011, Google started delivering a service that warns users of possible malware infection.
According to Google’s blog article, the investigation began after Google observed abnormal traffic coming to its site while performing regular maintenance. The investigation revealed that the abnormal traffic came from PCs infected by a particular piece of malware. The number of infected PCs has been reported to be a few million.
Google’s own investigation found that these PCs were infected by particular FAKEAV variants. Their system settings had been tampered with so that access to Google could only be made through particular proxies. Google started warning users of possible malware infection if access to its site was made through these proxies.
Already Used by FAKEAV?
Google’s move to take a step further to warn users is commendable from a security perspective. We foresee that Google will continue to take certain actions to make this service secure. Displaying a warning message that says, “Your PC may be infected with virus,” however, is a tactic that is already being widely used by various malware such as FAKEAV.
The unfortunate reality is that useful and valuable services tend to get manipulated, and this warning message from Google may be copied by bad guys in their attempt to infect more users’ systems with FAKEAV. Rogue antivirus software that looks just like Microsoft’s free security software is an example of such manipulation. We may then end up seeing some users ignore this legitimate warning message from Google, while others click a fake warning message and become victims of malware.
The Need for Reputation Technology
Identifying malicious servers and IP addresses and taking the proper security measures against them is nothing new, and Trend Micro has been providing such a solution for several years now. The Trend Micro™ Smart Protection Network™ is a cloud-based security solution that relies on reputation technologies to work. It identifies, correlates, and analyzes not only malicious and suspicious programs but also their source websites, email servers, IP addresses, behaviors, and the like. It then uses cloud-based reputation databases built on this intelligence to block malware and access to malicious Web and email servers.
Web Reputation Technology, a part of the Trend Micro Smart Protection Network, prevents malware infection and damage by blocking access to malicious websites and servers that malware like FAKEAV typically uses. Trend Micro recommends that users install a security solution that incorporates such reputation technology.