Google's search engine is now fighting against a strain of malware that secretly intercepts Web browser activity on Windows PCs.
Infected users will see a big yellow box at the top of search results, directing them to a Google Web page that explains how to remove the malware. That page urges users to download or update their antivirus software, and also provides manual instructions for removing the malware from Windows computers. (To see if you're infected, run any search on Google.com and look for the yellow box.)
Google doesn't explain the threat in detail, saying only that the malware routes Internet traffic through intermediary servers called proxies, and that the search engine is able to detect when traffic is coming from those servers.
However, the primary IP address that Google is watching out for -- 18.104.22.168 -- has been flagged by security firms such as BitDefender and TrendMicro as part of a Trojan that warns users to install fake antivirus software.
Because Google is looking for a specific proxy, businesses that use their own proxy servers to fight infections shouldn't see the warnings. Google does note that businesses could have their own proxies infected by this malware, which would trigger a warning for all users even if their individual computers are clean.
Matt Cutts, a Google search engineer, has called this effort against malware "an experiment to alert and protect consumers that we believe have infected machines." It's not hard to imagine the company expanding the effort to a wider range of proxy-based malware.
But don't take this as a sign that Google's entering the security software business; users still need proper antivirus software -- and possibly some technical know-how -- to rid themselves of infection.