Security

Google's own index is hacked

According to The Google Watchdog, a spammer recently infiltrated Google's search index. In fact, Google Watchdog Joe says, "This is the first time that I've ever been worried that Google's own index has been hacked."

According to The Google Watchdog, a spammer recently infiltrated Google's search index. In fact, Google Watchdog Joe says, "This is the first time that I've ever been worried that Google's own index has been hacked."

The Inquirer highlights the events of the hack. It appears that some search results are returning Chinese sites, which are easily identified by their .cn suffix. These malicious .cn sites, which appear before the valid returns, give users more they bargain for:

When a punter clicks on one of the .cn sites, they are sent to an entirely different page which attempts to install one or more pieces of malware on the user's computer.

The Google Watchdog whines suggestively that the the faked sites are redirecting the Googlebot to a location where content can be indexed, while at the same time recognizing normal users and redirecting them to a site that includes the malware.

This information is a great reminder that you can never be too sure when you're clicking links on the Internet, even when you're on a site that has a fairly solid reputation for being secure.

Does this spam hack make you lose some trust in Google? Is there a different search engine that you prefer? If so, which one and why?

--------------------------------------------------------------------------------

Stay on top of the latest tech news

Get this news story and many more by subscribing to our free IT News Digest newsletter, delivered each weekday. Automatically sign up today!

About

Sonja Thompson has worked for TechRepublic since October of 1999. She is currently a Senior Editor and the host of the Smartphones and Tablets blogs.

26 comments
Jaqui
Jaqui

not only do I not run windows, my linux box is secured so that they can't infest me even with toolbar based malware.

Deadly Ernest
Deadly Ernest

without having a good look at the URL itself first. Since Google started to put paid for responses at the top, I rarely open any of the first ten hits on any Google search anyway. Add in, most of my searches are about matters in Australia, and I commonly use the 'Australian Sites Only' option - even then, I'll still get some foreign sites in the response, but if the site isn't clearly Australian (usually by having .au in the URL) I don't click on it.

tatianav
tatianav

Personally, I never use Google as my SE and prefer Yahoo. Google's webmaster tools are the only things that I use of Google.

wagriff
wagriff

Apparently this infiltration has had an effect on G-mail accounts also. Most of the G-mail accounts at work and most of the accounts my friends have will not work after the weekend. You get the all to familiar (user name or password did not match).

Sonja Thompson
Sonja Thompson

A spammer recently infiltrated Google's search index. Does this spam hack make you lose some trust in Google? Is there a different search engine that you prefer? If so, which one and why?

d.g.holm
d.g.holm

I don't buy into the claim that Google was hacked (which would require breaking into Google's system and planting the links directly into the Google index). Gamed? Yes. Hacked? No. Why? Because it is trivially easy to present different content to web bots and web browsers, after which you just have to fine tune the innocuous version that the Google web bot sees until it gets ranked highly. Once the sites are ranked highly (so as not to tip your hand too early), then you redirect web browsers to the malware sites. Reading the blog over at Google Watchdog, it's obvious from what is being described that some variation of this is what happened. There was no hacking of Google involved.

Deadly Ernest
Deadly Ernest

and had no extra problems at all int he last few weeks.

Tig2
Tig2

My gmail account is fine. I have had no difficulties in either my mail, Picasa, or searching. My blog is fine. Targeted attack? Over now? Who knows?

Nodisalsi
Nodisalsi

For anything apart from Hotmail, MSN and the Zone. This way there is less prospect of malicious SW being installed.

pratapvijay_g
pratapvijay_g

This is a Cyber war and it will continue as long as our software exists. The powerful we make our search engine ,more powerful will the Hackers will become. This is a never ending Story.

armstrongb
armstrongb

I never trust any software or web based service very much. There has yet to be any product that is 100% secure. The only way to be 100% secure on the web is to not use it and/or NOT be connected to it. I will still use Google since I get the best reults typically. If some other site does better then I will use that. No problems with gmail so far, it just works.

Timbo Zimbabwe
Timbo Zimbabwe

... were they using for indexing? What operating system was compromised in this attack?

Roho
Roho

No proof of what ever happened. Just vague tendentious gibberish. FUD all over the place. What is going on? Is there a problem? I have not seen any proof.

Tony Hopkinson
Tony Hopkinson

Click on some of those ad links on the right hand side. As long as you are reasonably secure anyway.

ronald.cmz
ronald.cmz

anyway, there is no such stuff. full stop. btw, did that hack started off by googling how to hack first?

tom.fixapc
tom.fixapc

Some people see Google as the new evil queen. If you really want to read an e-mail to my sister and see my son's wedding photo's, go ahead. As they say "one swallow, does not, a summer make!) Perhaps it is inevitable that a hack would happen sometime. It just shows that some spineless goat is determined to stuff it up for everyone. Some people must lead very lonely lives. Cheers,

ronald.cmz
ronald.cmz

So what? yea so what? It is not like he can hack into google's adsense program. does this hack helps someone website to comes up the FIRST? crapshit.

Absolutely
Absolutely

Anything on the Internet can be compromised.

DanLM
DanLM

Who is to say that Google is the only one that has been hacked this way? Dan

Deadly Ernest
Deadly Ernest

had bits of chips and boards going in all directions. had some old computers I was trashing - I picked up my trusty hatchet, and hacked away at the things until they were clearly totally useless, thus following corporate policy of ensuring old equipment was not in a usable state when dumped. I just LOVE such computer hacking, it gets rid of the agro no worries.

shikeb.ali
shikeb.ali

Oh !! doesn't matter its still the best search engine as it was before the incident.

asgr86
asgr86

Now with the latest igoogle and web history all the search and activity is open... and its lot of information from a hacker and even for spamers Nothing Is Save and Secure once it leaves your keyboard

gichanauk
gichanauk

I find it rather baffling when people think that anything on the web is secure.With all this information on the internet it is possible to manipulate this search engines and get all the hidden indexes and files you want! with no sweat. Just use afew syntax and you are there!