Google News Alert Virus
by Judith Dinowitz, Master Editor-in-Chief
I like to keep up on the news. And of course, which tool helps me more than a Google News Alert? I'm sure many people feel the same way, and use Google News Alerts to keep up with the latest news, articles and blog posts on a given subject.
Well, the virus writers have now taken advantage of that trust.
Tonight I got an email with a Google News Alert. My first impulse was to click on the link and see what the article had to say. I clicked through, and came to a page on construction – how strange, I thought! Construction has nothing to do with the subject I saw in my news alert.
As soon as I hit the page, my browser was hijacked with a JavaScript popup saying that my computer was being scanned for viruses. It claimed that I had a virus, and needed to download some anti-viral software. The site was helpful enough to provide me with a download box, so I could save this anti-viral software. Of course, it had to be a virus. I closed all the windows, but I was puzzled: Why would Google be sending me to a virus site?
Michael and I decided to investigate. First, Michael used HomeSite (yes, HomeSite) to download the page and examine it. This led to a string of JavaScript jumps – from this page to another site, and then to another site. It also did not show the text that Google said was there.
Michael then turned JavaScript off on his browser (using the Web Developer Extension) and searched around for the text I was expecting. What he found was rather interesting. Someone had grabbed random chunks of text from different sites and, following the content optimization rules that Michael talks about on a regular basis, created a page which Google saw as being relevant and informative. Then all they had to do was put in a simple JavaScript trap and wait for Google to see the new content, with all those relevant and contextual keywords. Because the content is so attractive, and is on Blogspot, which is so prestigious, Google just has to send it off to people who are looking for those keywords. Basically, Google sent me (and many others) on a viral wild goose chase.
I have sent this to abuse@google.com, and hopefully they'll not only stop these people, but put in some sort of fix to make sure it doesn't happen again. Meanwhile, other people will get caught with this, and we'll have another rash of viruses coming along. Any time you go to a site that you get through a Google News Alert, remember that it's not a Google site. It is someone else's content and you should treat it like you do any other site that you go to. Don't automatically trust.
Judith Dinowitz is the Master Editor-in-Chief of the House of Fusion magazines and journals, where she enjoys serving up ColdFusion and Flex goodness on a weekly and quarterly basis.
nice explanation
We also have a problem with spybot.
I have this same problem - anything that can be done other than to ignore google. Every time I try a google serach I am hijacked to a bogus site.
One of my clients just got hit with this today. Great explanation.
Latest ColdFusion Talk (CF-Talk)
- Very basic/simple forum
- cfcatch type="" problem
- Official ColdFusion IDE announced
- CFScript for loop broken? (aka HELP!!)
- cfgridcolumn
- Best Practice: Looping over a query in cfscript?
- IDE announced: IDE/Compiler Business Model
- Error invoking CFC
- URL to open in maximized window state within current window
- Ant build
Latest ColdFusion Jobs (CF-Jobs)
- Drupal CMS + ColdFusion MX 7 contract - 3 months
- Junior to Mid Level Web Developer (Washington, DC)
- QuillDesign - Looking for Telecommute Part-Time
- ColdFusion Developer in North Jersey Area
- Analysis Service Developer Position OPEN NOW!!
- Business Analyst - Internet / Coldfusion based in London UK
- ColdFusion Developer - Milton Keynes UK (United Kingdom)
- ColdFusion/ActionScript Position (RI) ASAP! 3-4 month contract
- Web Infrastructure and Developer w/ Coldfusion- Columbia, SC
- Coldfusion Developer available
One of my clients just got hit with this today. Great explanation.