I like Google a lot. I couldn’t live without it. Heck, I even found a way to find flu vaccines on it the other day. But that doesn’t mean I trust its results unconditionally. That’s a good thing. Cyber security research firm Cyveillance has discovered that more than 200,000 Web sites have been infected with a new way to deliver malware via Google search results.
According to Cyveillance, here’s how it works. First, a blog site is compromised. Often these are sites using out-of-date versions of the popular online photo gallery software Coppermine. For the most part, these are real but neglected blogs whose users are no longer keeping them up; otherwise they’d notice something fishy was going on.
Once compromised, these blogs start automatically publishing bogus posts. These posts are crudely SEOed (search engine optimized) images with minimal text. It’s not the page’s content that’s compromised, though. It’s the blog’s templates that frame the images. Google then, in good faith, indexes these pages for you to find.