Google
Google is attempting to delete infected pages from its cache
R E L A T E D   C O N T E N T
Similar articles
KnowledgeBANK
News centre
More from vnunet.com

Free email newsletters




ADVERTISEMENT

Hackers step up search results attack

Big-name sites compromised in IFrame redirect scam

Shaun Nichols in California, vnunet.com 31 Mar 2008
ADVERTISEMENT

A malware attack targeting search engine results is continuing to haunt several high-profile sites.

The attack uses the common cross-site scripting practice of embedding pages with small IFrame tags which redirect the user to a malicious page on a third-party site.

Researchers claimed that the latest attack is unique in that it targets search engine results.

The hackers have compromised search result pages, using search engine optimisation techniques to hijack search results and send users to sites which host malicious downloads.

Among the sites said to be compromised are major news outlets ABC, USAToday and Forbes, and retailers Wal-Mart, Target and Sears.

Security researcher Dancho Danchev said in a blog posting that the attacks have been lingering on the web for more than two weeks, despite efforts by Google to delete infected pages from its cache.

Danchev estimates that up to one million different search queries will lead users to the infected pages.

Administrators can protect against the attack by plugging the input validation vulnerabilities used to seed the malicious code within the pages.

But Danchev does not see the attacks slowing down anytime soon. "We are definitely going to see many other sites with high page ranks targeted by a single search engine results poisoning in combination with IFrame injections," he wrote.

See also:

MacBook Air
MacBook Air hacked in two minutes
Apple falls first in laptop hacking contest  28 Mar 2008
Football fan
Hackers attack Euro 2008 ticket website
Don't score an own goal, warns security firm  27 Mar 2008
Instant messaging
Enterprises urged to plug IM security holes
A quarter of all staff admit to sending sensitive material by IM  25 Mar 2008
Facebook
Hijacked Facebook accounts used to spread torture pics
'Disturbing' photo attacks reported  25 Mar 2008

All Hacking
Tags: Google, Malware, Ecommerce, Security

Like this story? Spread the news by clicking below:

Post this to Delicious del.icio.us    Post this to Digg Digg this    Post this to reddit reddit!

Permalink for this story
R E A D E R   C O M M E N T S
Post your comment Post your comment   What is this?

M A R K E T P L A C E
Sponsored links
F E A T U R E D   J O B S
PMO Support Analyst
Telford, Shropshire, United Kingdom | EDS
EDS are currently looking to recruit a PMO Support Analyst to join our Project Management Defence team in Telford, Shropshire. Summary: Within DII Service Management. To perform the PMO function for SM Service Introduction. This ... more >
Environment Support Engineer
Reading, Berkshire, United Kingdom | EDS
Position # 396477 Environment Support Engineer Location - Reading Job Description: There is an initial requirement an Environment Support Engineer to provide support and maintenance for the development environments within ATLAS. This role encompases many ... more >
Technology and Systems Consulting Event
London, United Kingdom | Deloitte
Technology and Systems Consulting Event - LondonWith the right balance, you'll achieve great things. Join our Consulting practice and have the opportunity to balance your technical and business consulting skills to bring out the best ... more >
Testing Consultant
Canary Wharf, Greater London, United Kingdom | EDS
Position # 398441 Responsibilities - Testing Consultant * Under broad direction, interacts with EDS project teams and clients to gain an understanding of the business environment, technical context, and testing objectives for a project as ... more >
More job opportunities

Useful links: About us . Privacy policy . Terms & conditions . Site map . Bookmark this site . Advertise
Consumer Technology websites:
Active Home Product reviews, competitions, news
Computeractive Software reviews, hardware reviews, buyers' guides, workshops, downloads
Gizmodo the daily gadget blog: technology news and reviews
PC Magazine your personal guide to technology
PCW software product reviews, hardware product reviews, buyers' guides, competitions
WebAct!ve what's happening on the web
What PC? helping you purchase the right computer, digital camera, peripherals, gadgets and more
Blogs:
Test Bed The PCW Labs blog, PCW Inter@ctive A reader blog from PCW. Your views, your comments, your say, Windows Watch Keeping an eye on the latest XP % Vista news
Jobs & Recruitment websites:
Accountancy Age Jobs Accountant jobs, jobs in finance, audit jobs, cima jobs, acca jobs, corporate finance jobs, management accounting jobs, finance director jobs, finance recruitment agency directory, Top 50 accountancy firms, accountant salary survey
Computing Careers IT jobs, Programmer jobs, Developer jobs, IT manager jobs, Project manager jobs, SAP jobs, Oracle Jobs, Java Jobs, IT recruitment agency directory, Top IT Employers 2005
Inquirer Jobs Software Engineer Jobs, firmware developer jobs, electronics engineer jobs
Other titles in the Incisive Media network:
Business Technology websites: BusinessGreen . Computing . Computing Business . CRN . The Inquirer . IT Week . vnunet.com
Business & Finance websites: Accountancy Age . Best Practice . Financial Director . Management Consultancy
© Incisive Media Ltd. 2008
Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503