Google warns users of malware that could cause internet disruption July 9
25th May 2012 | 23:28
Malware lain repressed in users' systems for months
Google search users have begun seeing messages at the top of search results informing them that their computers are infected and that they could lose the ability to connect to the internet in the future.
The message looks at first like the sort of malicious pop-up frequently seen when surfing the web's shady underbelly, but on closer inspection is revealed to come straight from Google.
"Your computer appears to be infected," the warning reads.
"We believe that your computer is infected with malicious software. If you don't take action, you might not be able to connect to the internet in the future."
FBI operation "Ghost Click"
The message refers to the prolific "DNSChanger" malware program, also known as "RSPlug," "Puper, " and "Jahlav."
It's lain dormant in hundreds of thousands of computers, including many running Mac OS X, suppressed only by a network of FBI servers set up last year.
On July 9, the FBI's "Ghost Click" network is scheduled to be terminated, leaving infected computers unable to connect to the internet.
OS X Mountain Lion: what you need to know
OS X Mountain Lion compatibility: will your Mac take it?
The DNSChanger virus was the result of a focused effort to steal personal information, one that ended in six arrests last November.
The malware rerouted computers to the criminals' DNS servers, effectively giving them access to the personal data of hundreds of thousands of internet users.
When the FBI seized the servers, they decided to legitimize them rather than switching them off so that users would still have access to the internet.
But the servers will be shut down July 9, and any computers still routing through them will lose their internet connections.
Google's stepping up
The FBI's improvised servers send a special IP address to Google's servers when infected computers query Google's search engine.
Google recognizes the special IPs and displays the warning to those users, providing steps to help remove the DNSChanger malware before the servers are shut down on July 9.
It's unclear exactly why Google stepped up to spread the word about the DNSChanger malware, and the search giant did not immediately respond to TechRadar's request for comment.