A new wave of hacking is targeting Google searches and infecting unsuspecting users. PC infections occur when users click on tainted Web sites from Google searches and are brought to the site they requested but simultaneously d

irected to a host server which installs malicious software on the computer.

Hackers plant malicious search terms along with popular ones in Web addresses so that the targeted site ranks in the top of Google search results.

The hackers also target sites that use JavaScript, a popular Web tool that enhances a site’s look and performance, and they can even manipulate Web sites into running corrupted versions of the program.

Web sites that fail to carefully handle the program are at risk. Santa Clara’s WhiteHat Security says that means 7 out of 10 websites are vulnerable.

The infection allows users to spread viruses from the infected computer and possibly install a keystroke program that transmits passwords to hackers. Consequently, sensitive information can be passed along.

The biggest problem with the new wave of attacks is the difficulty in knowing whether a Web site has been infected because they look the same as a clean one.

Big-name Web sites like Target, USAToday, and Wired have been victims of the attacks, according to Dancho Danchev, a Netherlands-based security blogger.

On Tuesday, Google said it is working on a filter to automatically block the infected sites from appearing on search results, and they are also contacting infected organizations to help solve the problem.

The search engine attacks are the newest in a recent wave of hackings, as March alone yielded several hundred thousand corrupted Web sites in Google searches, according to David Dewey, manager of IBM's X-Force security division.

Because of the bug’s invisibility, we will have to trust that Google is solving the problem quickly.

By Danny Scuderi
FEEDBACK
For comments on this article,
email us at editorial@atelier-us.com