Sign in with
Sign up | Sign in

20,000 Websites Possibly Infected by Malware, Says Google

By - Source: Kaspersky Lab | B 3 comments

Google has informed 20,000 web sites that they could be infected with redirect malware.

On Tuesday, Google's Matt Cutts said via Twitter that his Google Search Quality team sent out warning letters in numerous languages to 20,000 websites reporting that they might be hacked and injected with JavaScript redirect malware. The team has noticed that these sites are performing "weird" redirections, possibly leading to malicious web sites. The team also warned that server configuration files may have been compromised as well.

However given that Google isn't an actual security firm, the company can only suggest that the malware be removed and the vulnerability fixed in order to protect visitors. Google's notification also suggests that site owners keep their software up-to-date, and to contact their Web hosts for technical support.

"We think that JavaScript has been injected into your site by a third party and may be used to redirect users to malicious sites," the Google Search Quality team warns. "You should check your source code for any unfamiliar JavaScript and in particular any files containing "eval(function(p,a,c,k,e,r). The malicious code may be placed in HTML, JavaScript or PHP files so it's important to be thorough in your search,"

Even more, compromised server configuration files may be cloaking and showing the malicious content only in certain situations, the company said.

"[This is] part of our ongoing mission to be transparent with webmasters and do our bit to help prevent spam," Google spokesman Mark Jansen said. "In fact, this isn't a new phenomenon; we communicate very openly with webmasters and always have done."

Despite grumblings by critics over disguised malware plaguing the former Android Market, Google seems to be at the forefront of the anti-malware campaign. Just last year, the company removed more than 11 million URLs on the "co.cc" free Web Hosting service from its search results because they were being used by hackers to conduct drive-by attacks and speak malware programs on a regular basis.

"Subdomains are often registered by the thousands at one time and are used to distribute malware and fake anti-virus products on the web," the company said in a blog. "In some cases our malware scanners have found more than 50,000 malware domains from a single bulk provider."

Still, despite the search engine giant's best efforts, the company is only flagging half of all the malicious links rendered by its search engine, says Kaspersky Lab. Why? Because malicious and suspicious Web sites are usually able to use search engine optimization to bypass Google's filters altogether, thus ending up on search results lists anyway.

Display 3 Comments.
This thread is closed for comments
  • 0 Hide
    koga73 , April 19, 2012 7:22 PM
    or the javascript could have been injected via user input and is being pulled from the db and spit out on the page.
  • 0 Hide
    chechak , April 19, 2012 7:36 PM
    we know that's our toms hardware site is not effected :D 
  • 0 Hide
    chumly , April 20, 2012 3:34 AM
    I was getting redirected from Tom's earlier today, some weird Turkish site. I thought it was weird for a redirect, because it looked like the site had hardly any traffic at all. Personally, I think it's because Skynet just took over.
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter