Using Google Insights to Track Computer Virus Outbreaks

Google currently maintains "Google Flu Trends", which works by looking at search keywords as indicators of flu activity.

I've been doing some thinking recently, and why not apply the same to computer virus outbreaks?

I'm still trying to refine the search keywords, but there's a good article on CNet which might provide some starter info.

Based upon the article, I've created the following string for Insights. Note that Insights treats + as a logical OR...

"computer virus infection" + "computer slow" + "computer crashes" + "program opens slow" + "annoying popups" + "is down" + "is down" + "is down" + "can't update antivirus"

It's important to note, however, that using the above search string alone will not produce the "global infection map" we're looking for. This only looks at English-language searches, and does not include searches in other languages. We can, however, use this string to create a nice map showing infection trends in the United States over the past year.

Since most infections result in searches such as "why is my computer slow", here is a multi-lingual search string:
computer slow + ordinateur lent + ordenador lento + bilgisayar yavaş + コンピューターが遅い + 느린 컴퓨터 + 计算机速度慢 + computer langsom + 電腦速度慢 + компьютер медленно + powolny komputer + بطء جهاز الكمبيوتر

If the above string is accurate enough to indicate that the user is infected with a virus, then we can view global infection trends for home users.

We can try to validate this data by looking at October 2008 through February 2009, when Conficker was infecting the most computer systems.  Conficker started infecting computers in November, 2008, and in January 2009 reached a peak of possibly 15 million infections.

More importantly, we can use the data for the past 30 days to monitor for spikes in activity, which would indicate a possible malware infection is spreading in the wild.
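One way to run the 30-day spike check described above, as an added example that is not part of the original post. It assumes the daily interest values have been saved as a two-column CSV; the column names, sample numbers, 14-day window and 3.5 threshold are all constructed for illustration.

```python
import csv
import io
import statistics

# Constructed sample: 30 daily values of a normalized 0-100 search-interest
# index for the combined query. Column names and numbers are assumptions.
_VALUES = [41, 43, 40, 42, 44, 39, 41, 42, 40, 43, 41, 42, 44, 40, 41,
           43, 42, 40, 41, 44, 42, 58, 71, 83, 79, 42, 41, 43, 40, 42]
SAMPLE_CSV = "day,interest\n" + "\n".join(
    f"day-{d:02d},{v}" for d, v in enumerate(_VALUES, start=1))


def load_series(text):
    """Parse 'day,interest' rows into a list of (day, value) tuples."""
    return [(row["day"], float(row["interest"]))
            for row in csv.DictReader(io.StringIO(text))]


def find_spikes(series, window=14, threshold=3.5):
    """Return (day, value, score) for days far above the trailing baseline.

    The score is a robust z-score: distance from the median of the previous
    `window` days, scaled by their median absolute deviation (MAD). Median
    and MAD keep a short earlier spike from inflating the baseline.
    """
    spikes = []
    for i in range(window, len(series)):
        history = [v for _, v in series[i - window:i]]
        med = statistics.median(history)
        mad = statistics.median(abs(v - med) for v in history)
        scale = 1.4826 * mad or 1.0  # flat history: fall back to raw difference
        score = (series[i][1] - med) / scale
        if score >= threshold:
            spikes.append((series[i][0], series[i][1], round(score, 1)))
    return spikes


if __name__ == "__main__":
    for day, value, score in find_spikes(load_series(SAMPLE_CSV)):
        print(f"{day}: interest={value:.0f} robust_z={score}")
```

A flagged day only shows that searches rose above the recent baseline; it still has to be compared with other telemetry before it is read as an outbreak.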

We can also use this data to create a rather interesting global history of malware infections.
