Last month Google warned WordPress site owners of out-of-date versions of their content management software as a preventitive strike to getting hacked. Starting Monday, Google began warning people who have a specific piece of malware that uses proxies to send your data to and from the sites you visit.
Short for "malicious software," malware is computer code that attempts to hide itself from you in an attempt to mine your data, use your computer's resources, or simply cause harm to your computer, all without your knowledge or consent. In their announcement, Google said they are taking steps to notify users who have one particular type of malware.
Since Google knows what computer sends the traffic, the search engine is aware that the request is coming from a site of ill-intent. While they don't know who you are, they know that the information they send back to you is being intercepted (and possibly tampered with) before it actually gets back to you. In the computer security world, this is called a "man in the middle" attack.
Why Should I Care?
Man in the middle attacks are particularly evil because everything you send across the Internet is transmitted through another server before reaching its destination. Conversely, all the data send back from the site you visit is also sent back through some other server.
For example, you have this particular malware installed, you go to Google and search for something. This other server knows what you've just searched for and everything Google sent back to you.
If you don't care yet, consider this: If you log into your Google Account, your username and password just got intercepted. If you go to your bank's website, everything your bank requires you to enter to login has also been sent.
If you keep your password saved in your browser, don't think you're not affected. All saving your password does is prevent you from physically typing each time you log in. The information saved in those fields is still transmitted. If you have this particular piece of malware, your information is most certainly compromised.
Bottom line: if you see this warning on Google, take it seriously. Many anti-virus software don't discover this type of malware.
Make sure your antivirus software is up to date. If you want to muck around for yourself, Google offers these tips for cleaning your system. See the collapsed section labeled "See the technical instructions for Windows Users," under step 2.
Image credit: owasp.org
Introducing SES Online
Want to view one of the sessions you missed or listen to an especially informative presenter a second time? SES New York sessions are available for purchase on ClickZ Academy's new e-Learning site. SES is now Online!