A quick-witted Google engineer has uncovered evidence that as many as one million Windows PCs appear to have been infected by browser redirection malware that is sending searches through proxy servers in order to generate hit traffic.

This type of attack has been around for years in one form or another, but the scale of what Google engineer Damian Menscher chanced upon from a single family of malware is still unusual.

Performing routine maintenance on a data centre, Menscher noticed unusual traffic still arriving at the servers from unusual addresses. Calling in help from security experts, it was discovered that the requests were coming from a large clutch of PCs infected by proxy redirection malware.

Google has now added a layer of detection that picks up on the redirection attack and gives its victims a search page message ‘Your computer appears to be infected’ if traffic through the proxies is noticed. “We hope that by taking steps to notify users whose traffic is coming through these proxies, we can help them update their antivirus software and remove the infections,” Google said in an official blog.

For anyone in doubt, the symptoms of this type of attack are easy to spot although not always easy for a user to clean up. When making Google searches, users are sent to any one of a variety of unrelated sites for porn, malware, fake anti-virus, or cloned products. That points to the limitation of Google’s action; it tells affected users they have a problem but doesn’t directly do anything about it.

The basic symptom will be interference in the PC’s ‘hosts’ configuration file, but editing the file is not guaranteed to succeed.
If the PC is infected with malware, the redirection is likely a symptom of a deeper issue that requires a system restore (to a point before the infection was noticed) or the use of up-to-date antivirus software to attempt to strip out the infection.

Google doesn’t mention which malware is associated with the issue but Menscher told security writer Brian Krebs that he believed that a fairly standard fake AV scareware campaign was the most likely culprit. That would explain the large numbers of users that appear to have been affected.

Google has published a basic help article for anyone who sees the Google warning.
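One way to check for the hosts-file symptom described above, as an added example that is not part of the original article or any Google tooling: it parses hosts-file text and reports search-engine names pinned to a routable address. The watched label `google`, the function name `audit_hosts` and the sample file content are assumptions made for illustration; the sample addresses are documentation ranges.

```python
import ipaddress

# Assumption: labels to watch; the article only discusses Google searches.
WATCHED_LABELS = {"google"}

# Constructed sample, not taken from a real infection.
SAMPLE_HOSTS = """\
# constructed hosts file for this example
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net        # sinkhole-style block, ignored


203.0.113.45    www.google.com google.com
203.0.113.45    WWW.Google.co.uk.      # mixed case and trailing dot
198.51.100.7    intranet.example.org
not-an-ip       www.google.com
"""

def audit_hosts(text, watched=WATCHED_LABELS):
    """Return (line_no, address, hostname) for watched names pinned to a routable address."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on any whitespace
        if len(entry) < 2:
            continue                            # blank, comment-only or address-only line
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            continue                            # malformed address: not a usable mapping
        if addr.is_loopback or addr.is_unspecified:
            continue                            # treated as a block entry, not a redirect
        for name in entry[1:]:
            host = name.lower().rstrip(".")
            if watched & set(host.split(".")):  # any DNS label matches a watched name
                findings.append((line_no, str(addr), host))
    return findings

if __name__ == "__main__":
    for line_no, addr, host in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} is pinned to {addr}")
```

A clean result does not rule out infection: as the article notes, the hosts change is only a symptom, and a redirect through a proxy listening on a loopback address would not be flagged by this check.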