Jul 21, 2011 08:29 GMT  ·  By

Google claims that the malware warning it started displaying on its website has helped the owners of hundreds of thousands of computers infected with a click-fraud trojan.

The company offered a few other details about the trojan that led to the unprecedented decision to alert users via its website.

"The malware appears to have gotten onto users' computers from one of roughly a hundred variants of fake antivirus, or 'fake AV' software that has been in circulation for a while," Google said.

The company notes that it is not aware of a common name for the trojan, which its engineers discovered while investigating unusual search traffic. This means the piece of malware is not widely detected yet and is only picked up by generic signatures.

Nevertheless, the trojan is relatively widespread: Google claims that "a couple million machines are affected by this malware" and that hundreds of thousands of users have already been warned.

The company also tried to address concerns, expressed by various people, that its warnings might later be spoofed by cybercriminals to distribute malware.

"We've heard from a number of you that you're thinking about the potential for an attacker to copy our notice and attempt to point users to a dangerous site instead. It's a good security practice to be cautious about the links you click, so the spirit of those comments is spot-on," Google security engineer Damian Menscher wrote.

"We thought about this, too, which is why the notice appears only at the top of our search results page. Falsifying the message on this page would require prior compromise of that computer, so the notice is not a risk to additional users," he explains.

Of course, that's not necessarily true. Imagine a rogue link on a legitimate but compromised site that takes users to a spoofed Google search results page displaying the fake warning, along with a link to a fake antivirus product. That would make for a pretty powerful social engineering attack.