Yesterday I was searching for something on Google. The search results returned several legitimate looking sites. As is my usual won, I opened the first few under new tabs, and one of them actually directed me to another site where I was unwittingly attacked. My *ahem* blocked it and told me about it. However I do not trust that it has been resolved and have changed my passwords. Btw, I was using Firefox (a colleague has advised that I use a plugin together with Firefox to make it safer).
I decided to read up on it.
Guess what? This is what Jon Swartz and Byron Acohido said on
USA TODAY in their 31st March 2008 article "Google Searchers could end up with a new type of Bug":
Cybercrooks are manipulating the computer code used to put the pizazz in millions of websites in hopes of taking over unsuspecting consumers' PCs.
The vulnerability occurs when someone does a Google search, then clicks on a result that has been secretly tainted by hackers. They will usually be taken to the Web page they expect. But at the same time, they are invisibly redirected to a computer server that installs a hidden program.
This program enables hackers to use the PC to spread spam and carry out scams. Typically, it also lets the attacker embed a keystroke logger, which collects and transmits your passwords and any other sensitive data you type online.
Any website indexed by Google
(GOOG) that fails to carefully handle JavaScript — the coding that activates many cool Web features, such as changing the color of a button when someone mouses over it — is a potential target. That's seven in 10 sites, says tech security firm WhiteHat Security. Hackers have discovered ways to trick the website application to run malicious JavaScripts.
"We're in a phase where one or two smart guys are attacking a few dozen major websites," says David Dewey, manager of IBM's X-Force security division. "In the next few weeks I would expect to see copycats attacking hundreds of high-profile websites."
Attackers have secretly corrupted Google results that direct traffic to Wired, CNet, TV.com, USATODAY.com, ZDNet Asia, History.com and many universities, says Dancho Danchev, a Netherlands-based security researcher, and Finjan Software, an Israeli security firm.
Most Google search results are safe. But in March alone Dewey and other security researchers found several hundred thousand corrupted Web pages returned in common Google search queries. They fear crime groups have just begun to take advantage.
Google issued a statement saying it is helping affected websites fix the problem and is also developing new tools "to detect and block" malicious Web pages.
Security experts say consumers can protect themselves by keeping anti-virus subscriptions and software updates current. Running an anti-virus scan may help repair infected PCs, although more serious fixes may be necessary.
Spokespeople for USATODAY.com and Wired said each blocked the attacks as soon as they were discovered. CNet, owner of TV.com and ZDNet Asia, declined to comment. History.com did not respond to queries.
"It should be the responsibility of the website operators to stop exposing people to risk as soon as possible," says Billy Hoffman, a security researcher at Hewlett-Packard. Gail Hillebrand, senior attorney at Consumers Union, agrees.
Attackers have taken advantage of JavaScript before, but usually on individual sites. The search engine trick — which has been focused on Google, though it could work on Yahoo and MSN search engines — is new, Danchev says.
Attackers are thrilled "to capture even a small percent of the traffic" of a big site, Finjan's Yuval Ben-Itzhak says.