On 27th September 2007, this site told of the re/ocurrence of search-engine hacking by spammers [see Hackers Shanghai Google, Warning]. Although this nefarious activity was known to the more savvy members of the Internet community, it had remained relatively unpublicized and apparently not deemed to be a major threat. However, on that particular Sunday over half of the first page of an innocuous search was occupied by bogus and harmful links.

Clicking on one of the links had the result, for one user, of a startup program being replaced so that the control was in the hands of the hacker-spammer. This was on a MacBook Pro laptop, for which there is much pro-Mac publicity about immunity from attack! Now it must be said that the user had not utilized some of the available safeguards, having misplaced faith in the saying that “this is a Unix based system and it is hard to attack”. Furthermore, the user had, in effect, opened the door to the attacker by clicking on the bogus link.

The report here went on to describe how the bogus links could be identified by the fact that they appeared to have .cn in the URL. Since then, although Google responded swiftly, files with .txt have appeared and apparently even been cached by the search engine. Furthermore, one user entered his distinctive surname, and one of the ‘finds’ on the first page of search results was a spoofed page of The Guardian newspaper with a report about his cousin. Needless to say, this wise user did not click on the link!

Usually, the spoofed websites are relatively easy to spot in that they contain lists of words, although from the above it can be seen that this is not always the case. Generally the summary is in poor English at least. They are still, for the most part, sporting the “.cn”, and rarely cached. They also have very odd-looking URLs, even if not “.cn”. Although Google has been singled out so far, any search engine is at risk, and similar bogus links were also seen on Altavista at about the same time. Moreover, the attacks are ongoing. A Google search on 17th October 2007 for a well-known cosmetics company and UK town yielded a bogus link in the first page of results.

Google is a vast and valuable resource for information. However, reaction in the Internet community to this current threat seems strangely muted. One user-response seen was almost arrogant, in that ‘sensible users don’t click on odd links’. However, the naive and the curious are not necessarily senseless or silly, just uninformed or inexperienced. They deserve better.

– Thanks go to Dr Jenny Oliver for this invaluable contribution in the subject of search engine hacking. If you would like to contribute to the site as a guest blogger please get in touch, I’d like to make this a regular feature if there is sufficient interest.