Google Warns Of Malware Redirecting To Its Search Results

Do a search on Google, and you might get an unexpected surprise. A big notice at the top of your results warning that your computer has been infected with malware.

Here’s an example of how it looks:

What malware? Produced by whom? Google’s not giving any details there yet, simply blogging:

This particular malware causes infected computers to send traffic to Google through a small number of intermediary servers called “proxies.” We hope that by taking steps to notify users whose traffic is coming through these proxies, we can help them update their antivirus software and remove the infections.

The blog post itself has the fairly innocuous title of “Using data to protect people from malware.”

This is malware so threatening, so menacing that Google does unprecedented above-the-search results warnings, and Google describes it as an exercise in data analysis? How about: “Warning: Your Computer May Be Infected & Here’s How To Fix It.”

The post also doesn’t mention that the malware is restricted to Windows computers, nor does the help page make this clear. Indeed, the “fix” that the help file talks about is to run an anti-virus program. It doesn’t say exactly what malware that software should detect, if any.

The help page does provide, if you drill down, some guidance that your Windows host file will be changed to apparently reference the IP address of along with some others.

Ironically, doing a search for the IP address quickly suggests that Google is concerned about “Windows Protection Suite,” which one site describes as a fake anti-virus software program.

The IP address, by the way, appears to be Google’s own. The program, I’m guessing, is routing the traffic eventually to Google after monitoring it or logging it for whatever reasons it has.

If you get one of these notices on a Windows computer and don’t already run an anti-virus program, well, that’s as good as reason as any. But it would sure be better if Google provided some more details.

Postscript: A Google spokesperson tells me via email, after I asked why the particular malware wasn’t named:

We detected a large number of variants of the malware. As a result, naming is not so straight-forward. From a user’s perspective, it’s more important to understand that their computer is infected and that they should take steps to fix it. You may have noticed that there is a feedback form in our Help Center for people to report what they’ve found, and they can also ask questions about the results.

I also asked if we’d see more warnings like this going forward and was told:

We haven’t displayed this type of warning before, so we can’t say what we’ll do going forward. We came across this particular type of malware in the course of the work that’s described in the blog post, which is why we were able to take action in this case. As I mentioned, we realized we were in a position to use that information to help our users. Who knows if anyone else would have warned them?

The spokesperson also commented:

The title of your post is not quite accurate. The malware doesn’t redirect to Google’s search results, technically speaking. Something like “modifying traffic to its search results” would be more correct.

I’m uncertain, honestly, what else to change the title to. Originally I’d had the title of:

Google Warns Of Malware Changing Its Search Listings

That was clearly incorrect, and I fixed that a few minutes after the original post went up. There is malware that does alter Google’s search results. It’s a common question we get asked here at Search Engine Land, actually — why do my Google results look this odd way? Malware is often to blame.

That’s not what’s happening here. What is happening is unclear. This malware appears to be redirecting to Google itself, not necessarily its search results. But Google’s putting warnings into its search results, which suggests a search results connection of some type.

Bottom line. Malware isn’t new, nor have users of Windows computers been oblivious to it. Indeed, Windows itself will warn you of the need to protect against malware in various ways. I’m pretty sure Windows Defender even ships with Windows 7, or that Windows 7 at least warns you if you don’t have it installed.

Even if Windows Defender doesn’t detect this type of malware, it’s just not uncommon for Windows users to know they need to have anti-virus / malware detection software. It is uncommon, extremely uncommon, for Google to suddenly issue what seems to be an urgent warning about a particular type of malware.

Over at Krebs On Security, they appear to have interviewed the Google engineer who spotted the malware, which does suggest that the malware was indeed altering search results.

Related Topics: Channel: Content | Google: Reader | Google: Security | Google: Web Search | Top News


About The Author: is a Founding Editor of Search Engine Land. He’s a widely cited authority on search engines and search marketing issues who has covered the space since 1996. Danny also serves as Chief Content Officer for Third Door Media, which publishes Search Engine Land and produces the SMX: Search Marketing Expo conference series. He has a personal blog called Daggle (and keeps his disclosures page there). He can be found on Facebook, Google + and microblogs on Twitter as @dannysullivan.

Connect with the author via: Email | Twitter | Google+ | LinkedIn


Get all the top search stories emailed daily!  


Other ways to share:

Read before commenting! We welcome constructive comments and allow any that meet our common sense criteria. This means being respectful and polite to others. It means providing helpful information that contributes to a story or discussion. It means leaving links only that substantially add further to a discussion. Comments using foul language, being disrespectful to others or otherwise violating what we believe are common sense standards of discussion will be deleted. Comments may also be removed if they are posted from anonymous accounts. You can read more about our comments policy here.
  • Maurice Walshe

    how long before scammers have fake av programs that mimic this behaviour

  • Nate White

    Could this have anything to do with Google’s “mysterious yellow dot?”

  • kevint

    I haven’t gotten the error message, but the threat of malware is everywhere. You can get malware from any kind of download on the net. Is it possible that this is a ‘microsoft thing’ from what i had read from Cutts’s G+ account, that it was at least at the time reccomended for ‘windows’ users. Are they logging search from Google? Google retaliates by removing the “malware” on your computer? Sounds like Conspiracy Therory, but i doubt that the scenario is that far-fetched.

Get Our News, Everywhere!

Daily Email:

Follow Search Engine Land on Twitter @sengineland Like Search Engine Land on Facebook Follow Search Engine Land on Google+ Get the Search Engine Land Feed Connect with Search Engine Land on LinkedIn Check out our Tumblr! See us on Pinterest


Click to watch SMX conference video

Join us at one of our SMX or MarTech events:

United States


Australia & China

Learn more about: SMX | MarTech

Free Daily Search News Recap!

SearchCap is a once-per-day newsletter update - sign up below and get the news delivered to you!



Search Engine Land Periodic Table of SEO Success Factors

Get Your Copy
Read The Full SEO Guide