That picture of a cat licking a lollipop you found on Google Images may be infected.
According to the SANS Internet Storm Center, a number of Google Images are actually infected with malware that misdirects users to pages that try to sell fake anti-virus scareware and to make users believe they must download the program to avoid viruses.
These scammers use photos from third-party sites so that the images appear to be legitimate, using top search terms from Google Trends so that the content on the page also seems real.
When a user clicks on an infected thumbnail, his/her browser sends a request to the infected page, which then runs the hacker's script, and then redirects to the site trying to peddle scareware. SANS guesses there are over 5,000 hacked sites, with Google referring about a half million visits to these fake sites each day.
While researcher Bojan Zdrnja has developed a Firefox add-on that displays the infected images with a red border, it is not yet available for public use.
Google spokesman Jay Nancarrow told Krebs on Security that the company is making "active efforts to improve both the quality of the results and malware detection. We're improving, as are the people trying to put users at risk, and in the interests of those users it's best if we don't reveal everything that we're doing about this."