Google: Web Sites Hacked

Thursday, April 19, 2012 @ 05:04 PM gHale


A message went out from Google to the webmasters of 20,000 sites saying their sites may have suffered a hack, said the head of Google’s Webspam team, Matt Cutts.

In the email message, the company warns operators the sites look like attackers are using the sites to redirect visitors to a malicious site.

RELATED STORIES
Focus to Fix Sign-On Flaws
Hackers Expose Site’s Security Hole
Flaws in Microsoft, Dell, TBS Sites
UN, Skype, Oracle Hacked

Google asks the site administrators to check the files in their web space for an eval(function(p,a,c,k,e,r) JavaScript code segment. The eval() function can execute JavaScript character strings that may have previously been decrypted using an unpack feature. Google also warned of specially crafted .htaccess files. These may cause a file to redirect only in certain circumstances, for example, when a visitor accesses the page via Google. Consequently, regular visitors to a site, such as the webmaster, will be unaware of the infection.

The email contains a link to Google’s Webmaster Tools support page with instructions designed to help web masters clean up their sites.

Google also asks the administrators to close the security hole exploited to infect the site. Google started warning webmasters in this way in late 2010. At the time, the company said it also intended to warn users about visiting infected sites in its search results.



Leave a Reply

You must be logged in to post a comment.