Hackers Shanghai Google Warning黑客上海的Google警告

Google’s index has been hacked, searching for certain keywords will bring up dozens of spoof sites that will infect your PC with malware or viruses. Google的索引中已砍死，尋找某些關鍵字會帶來了幾十個假冒網站會感染您的PC與惡意代碼或病毒。 That’s the warning that comes from Dr Jenny Oliver of Olfaction Research Ltd who called today.這是警告說，來自醫生詹妮奧利弗嗅覺研究有限公司誰所謂的今天。

Dr Oliver is your fairly average surfer, searching recreationally last Sunday evening, she clicked on what seemed to be a legitimate result in the SERPs only to discover, once it was too late, that the website to which the result pointed was harboring malware and that this had attempted to infect her Mac.奧利弗博士是您的相當平均衝浪，搜索recreationally上週日晚上，她點擊了什麼似乎是一個合法的結果，在serps只發現，一旦為時已晚，該網站在何種結果指出，被包藏惡意軟件，並這曾試圖感染她的Mac 。

“I can’t remember what I put in to search with,” she told me, “as I was idly surfing last night, my Mac was suddenly very busy for several seconds as if installing a program.” She rebooted very quickly after that, but her net connection seemed to have become ominously slow. “我不記得我提出的在搜索與” ，她告訴我： “我不管衝浪昨晚，我的Mac突然非常繁忙的幾秒鐘，因為如果安裝程序” ，她很快重新開機後，但她的網絡連接似乎已成為不祥的緩慢。

Spoof websites have been around for a while but searching for some very specific, high-ranking, key phrases, are now bringing up an inordinate number of site on the .cn top-level domain (TLD) in the last few days, some 80% of Dr Oliver’s results were spoofed pages.欺騙性的網站已經靠近了一會兒，但尋找一些非常具體的，高級別，關鍵短語，現正造就過多的數目網站上。架CN頂級域（ TLD ）在過去數天，約有80 ％博士奧利弗的結果欺騙性的網頁。 Adding “-site:.cn” or “-cn” didn’t totally eradicate the spoofs, perhaps because the hackers are somehow using a hidden Chinese character, that looks like a space before the period.加入“網站：網”或“ -架CN ”並沒有完全消除偽裝，也許是因為黑客在某種程度上使用一個隱藏的中文字符，看上去像一個空間的期間之前。

The issue has now been discussed in more detail這個問題現在已更詳細的討論 here這裡 . 。 Oliver, however, describes it as follows: “I just tried to find the three spoofs again on the first page, using the keywords I mentioned [we're not listing them here, for obvious reasons, db] even with the proviso of -site:.cn added, they appeared at the top of the SERPs.奧利弗，但是，把它描述為如下： “我只是試圖找到三個偽裝再次在第一頁，使用關鍵字我所說的[我們不上市，他們在這裡，出於明顯的原因，分貝] ，甚至與規定-網站：網補充說，他們出現在上方的serps 。 “To get around the “-.cn” it seems the spoofers use a non-displaying Chinese character, which looks like “asasdfdsf. “要獲得圍繞” -.架CN “似乎spoofers使用非中文字符顯示，這看起來像” asasdfdsf 。 cn” in other words, it shows up as a blank space or two before the cn in the address.架CN “ ，換句話說，它顯示為一個空白的空間或2之前的CN在施政報告。

The sites have genuine-looking titles, but appear to contain random lists of words and phrases and/or scraped content from US sites.該網站真正有前瞻性的頭銜，但看起來包含隨機名單單詞和短語和/或取自其他網站的內容由在美國的網站。 The site addresses themselves are spoofed or bogus, so be wary of clicking them, especially if you don’t have full browser immunization (網站地址本身是偽造的或假的，所以小心點擊它們，尤其是如果您沒有充分的瀏覽器免疫（ Spybot S&D Spybot的特殊和差別 for that), antispyware (Spybot and為） ，反間諜軟件（ Spybot的和 AdAware adaware ), antivirus ( ） ，防毒（ AVG平均 ), and a Firewall in place (router/hardware AND ） ，以及防火牆已到位（路由器/硬件和 ZoneAlarm ZoneAlarm的 ). ） 。

Joe on喬對 GoogleWatchdog googlewatchdog also reports similar strange behavior.另據報導，類似的奇怪的行為。 “It appears that the faked sites are redirecting the Googlebot to a location where content can be indexed, while at the same time recognizing normal users and redirecting them to a site that includes the malware mentioned earlier. “看來，假冒網站重定向Googlebot以位置的內容可以被編入索引，而在同一時間，認識到正常的用戶並重新導向他們的網站，包括剛才所說的惡意軟件。 This is an obvious violation of Google’s guidelines, but the spammers have found ways to circumvent the rule and hide it from the Googlebot,” he says.這是一個明顯的違反Google的指引，但垃圾郵件發送者已經找到方法來規避規則和隱藏它從Googlebot的， “他說。

The possibility of cyberterrorism that exploits this Google looooophole are very alarming.的可能性，網路，利用此Google looooophole是非常驚人的。 All users could be threatened by activity as well as ecommerce sites and others.所有用戶都可以受到威脅的活動，以及電子商務網站等。 Until now, phishing attempts have usually been made to extort money from gullible surfers, clicking on malicious web addresses in their emails.到現在，釣魚式攻擊企圖，通常已作出勒索錢財輕信網友，點擊惡意網站的地址在他們的電子郵件。 This new attack on google search seems to represent a major shift in scale from random emails to the activity of the biggest search engine.這個新的攻擊， Google搜索，似乎代表了重大轉變，規模從隨機電子郵件的活動，最大的搜索引擎。

The bottom line for users?底線用戶？ Don’t panic, just don’t click on .cn sites you find via google.com, for the time being.不要慌張，只要不點擊網網站您找到通過google.com ，其時正。 If you need to search across China, use google.cn instead.如果您需要搜索中國各地，使用google.cn 。 Thankfully, Google is now on the case, according to值得慶幸的是， Google現在關於此案，根據 Matt Cutts馬特cutts . 。 Indeed, searching for Dr Oliver’s problem keywords gives me “normal” SERPs.事實上，尋找醫生奧利弗的問題，關鍵詞，讓我“正常” serps 。 “However, the danger remains - hackers would be likely to use a time when defenses are low, like ‘out-of-hours’, surfing at these times should obviously be approached with extra caution,” she says. “不過，危險仍然-黑客可能會使用的時候，防低，想' - -小時，衝浪在這些時間顯然應加以對待格外小心， ”她說。