Results 1 to 8 of 8
  1. #1
    Troll Killer and best Snooper!
    I decide when the pigs fly!
    Rhea's Avatar
    Join Date
    January 18th, 2005
    Location
    New York, USA
    Posts
    6,195
    "Malware Poisoning Results for Innocent Searches"
    Malware Poisoning Results for Innocent Searches

    Tens of thousands of malware-serving pages, crafted to reach a high search engine ranking, are showing up in the first page of returns from Google, Yahoo and Live.
    I've seen a bunch of these on Google in the last couple of days and wasn't sure what I was looking at. They all have nonsensical domains like sldflksjdlfkdjs and a .cn extension.

  2. #2
    ABW Ambassador
    Join Date
    November 25th, 2005
    Posts
    639
    Rhea,

    I think that there may be another parallel explanation for otherwise honest looking pages serving up malware. I host a number of sites on one account and recently all of my sites were hacked. The hack was a peice of javascript placed on the the bottom (before the closing body tag) of every index, default and signup page (plus a few that I forget). The script prompted users to download a codec (much like in the article. The hacker got in through an unprotected "contact us" form field. (Form to database) What I couldn't understand is how he accessed the file system from the database. Creepy. Any how, I bet that many unsuspecting website owners are infected in a similar way and don't even know it.

    Dave

  3. #3
    Troll Killer and best Snooper!
    I decide when the pigs fly!
    Rhea's Avatar
    Join Date
    January 18th, 2005
    Location
    New York, USA
    Posts
    6,195
    Oh blecccch. Dave, I don't use contact forms on my web sites but I do have them on a couple of my Cafe Press shops. Is there a way to check if my shops are infected or if they're vulnerable? (I paid someone to make the contact form pages for me so I have no idea how they're built.)

  4. #4
    Comfortably Numb John Powell's Avatar
    Join Date
    October 17th, 2005
    Location
    Bayou Country, LA
    Posts
    3,432
    Quote Originally Posted by Rhea
    Is there a way to check if my shops are infected or if they're vulnerable?
    Check for that unplanned javascript at the bottom of your pages. Google will throw up a flag in their Webmaster Tools area if they spot it on a site that you have verified with them.


  5. #5
    Troll Killer and best Snooper!
    I decide when the pigs fly!
    Rhea's Avatar
    Join Date
    January 18th, 2005
    Location
    New York, USA
    Posts
    6,195
    Thank you, Bumpaw. I checked the source code for my CP Shops and it looks okay. I guess I should test the forms by sending myself a message. :gulp:

  6. #6
    ABW Ambassador Greg Rice's Avatar
    Join Date
    January 18th, 2005
    Location
    Ohio
    Posts
    4,889
    Thanks bumpaw, I had to go and check my site as well. Thankfully it's ok but I feel better now knowing.
    Greg Rice Affiliate Program Management
    www.gocmc.com info(AT)gocmc.com | 330-259-1223

    Join us! - MiNeeds.com | DiscountCandleShop/CheeseSupply | Feng Shui Plaza

  7. #7
    ABW Ambassador
    Join Date
    November 25th, 2005
    Posts
    639
    Rhea,

    I don't think that sending yourself a message will prove anything. The easiest way for me to check was to load the index/default page. If it was infected, it loaded slower as the script ran. Then you would see a modal window telling you to click yes to load the new codec. It was one of those endless loop boxes - quite nasty. If your sites look okay from a users point of view then you are probably okay. Sorry if I made anyone panic!

    Dave

  8. #8
    Troll Killer and best Snooper!
    I decide when the pigs fly!
    Rhea's Avatar
    Join Date
    January 18th, 2005
    Location
    New York, USA
    Posts
    6,195
    Hey Dave, thanks for the additional info. Nothing untoward happened when I opened those pages in my browser so I guess I'm in the clear. You didn't alarm me (any more than I was already anyway.) Guess I'll keep a closer eye on them in the future. I had no idea they might be a gateway for the bad guys.

  9. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. "Stock" beats "sex" in keyword searches
    By Carolyn - ShareASale in forum Midnight Cafe'
    Replies: 8
    Last Post: January 5th, 2008, 10:07 PM
  2. "Google Poisoning" Article
    By OTProf in forum Search Engine Optimization
    Replies: 1
    Last Post: December 3rd, 2007, 03:50 PM
  3. Google Tests "Commercial" Results In Organic Listings
    By Trust in forum Search Engine Optimization
    Replies: 5
    Last Post: August 21st, 2005, 01:21 AM
  4. Replies: 2
    Last Post: July 29th, 2005, 01:51 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •