Hackers Shanghai Google Warning黑客上海的Google警告

Google’s index has been hacked, searching for certain keywords will bring up dozens of spoof sites that will infect your PC with malware or viruses. Google的索引中已砍死，寻找某些关键字会带来了几十个假冒网站会感染您的PC与恶意代码或病毒。 That’s the warning that comes from Dr Jenny Oliver of Olfaction Research Ltd who called today.这是警告说，来自医生詹妮奥利弗嗅觉研究有限公司谁所谓的今天。

Dr Oliver is your fairly average surfer, searching recreationally last Sunday evening, she clicked on what seemed to be a legitimate result in the SERPs only to discover, once it was too late, that the website to which the result pointed was harboring malware and that this had attempted to infect her Mac.奥利弗博士是您的相当平均冲浪，搜索recreationally上周日晚上，她点击了什么似乎是一个合法的结果，在serps只发现，一旦它已经太迟了，该网站其中的结果指出，被包藏恶意软件，并这曾试图感染她的Mac 。

“I can’t remember what I put in to search with,” she told me, “as I was idly surfing last night, my Mac was suddenly very busy for several seconds as if installing a program.” She rebooted very quickly after that, but her net connection seemed to have become ominously slow. “我不记得我提出的在搜索与” ，她告诉我： “我不管冲浪昨晚，我的Mac突然非常繁忙的几秒钟，好像安装程序” ，她很快重新开机后，但她的网络连接似乎已成为不祥的缓慢。

Spoof websites have been around for a while but searching for some very specific, high-ranking, key phrases, are now bringing up an inordinate number of site on the .cn top-level domain (TLD) in the last few days, some 80% of Dr Oliver’s results were spoofed pages.欺骗性的网站已经靠近了一会儿，但寻找一些非常具体的，高级别，关键短语，现正造就过多的数目网站上。架CN顶级域（ TLD ）在过去数天，约有80 ％博士奥利弗的结果，欺骗性的页面。 Adding “-site:.cn” or “-cn” didn’t totally eradicate the spoofs, perhaps because the hackers are somehow using a hidden Chinese character, that looks like a space before the period.加入“网站：网”或“ -架CN ”并没有完全消除伪装，也许是因为黑客在某种程度上使用一个隐藏的中文字符，看上去像一个空间的期间之前。

The issue has now been discussed in more detail这个问题现在已更详细的讨论 here这里 . 。 Oliver, however, describes it as follows: “I just tried to find the three spoofs again on the first page, using the keywords I mentioned [we're not listing them here, for obvious reasons, db] even with the proviso of -site:.cn added, they appeared at the top of the SERPs.奥利弗，但是，把它描述为如下： “我只是试图找到三个伪装再次在第一页，使用关键字我所说的[我们不上市，他们在这里，出于明显的原因，分贝] ，甚至与规定-网站：网补充说，他们出现在上方的serps 。 “To get around the “-.cn” it seems the spoofers use a non-displaying Chinese character, which looks like “asasdfdsf. “要获得围绕” -.架CN “看来spoofers使用非中文字符显示，这看起来像” asasdfdsf 。 cn” in other words, it shows up as a blank space or two before the cn in the address.架CN “ ，换句话说，它显示为一个空白的空间或2之前的CN在施政报告。

The sites have genuine-looking titles, but appear to contain random lists of words and phrases and/or scraped content from US sites.该网站真正有前瞻性的头衔，但看起来包含随机名单单词和短语和/或取自其他网站的内容由在美国的网站。 The site addresses themselves are spoofed or bogus, so be wary of clicking them, especially if you don’t have full browser immunization (网站地址本身是伪造的或假的，所以小心点击它们，尤其是如果您没有充分的浏览器免疫（ Spybot S&D Spybot的特殊和差别 for that), antispyware (Spybot and为） ，反间谍软件（ Spybot的和 AdAware adaware ), antivirus ( ） ，防毒（ AVG平均 ), and a Firewall in place (router/hardware AND ） ，以及防火墙已到位（路由器/硬件和 ZoneAlarm ZoneAlarm的 ). ） 。

Joe on乔对 GoogleWatchdog googlewatchdog also reports similar strange behavior.另据报道，类似的奇怪的行为。 “It appears that the faked sites are redirecting the Googlebot to a location where content can be indexed, while at the same time recognizing normal users and redirecting them to a site that includes the malware mentioned earlier. “看来，假冒网站重定向Googlebot以位置的内容可以被编入索引，而在同一时间，认识到正常的用户并重新导向他们的网站，包括刚才所说的恶意软件。 This is an obvious violation of Google’s guidelines, but the spammers have found ways to circumvent the rule and hide it from the Googlebot,” he says.这是一个明显的违反Google的指引，但垃圾邮件发送者已经找到方法来规避规则和隐藏它从Googlebot的， “他说。

The possibility of cyberterrorism that exploits this Google looooophole are very alarming.的可能性，网路，利用此Google looooophole是非常惊人的。 All users could be threatened by activity as well as ecommerce sites and others.所有用户都可以受到威胁的活动，以及电子商务网站等。 Until now, phishing attempts have usually been made to extort money from gullible surfers, clicking on malicious web addresses in their emails.到现在，钓鱼式攻击企图，通常已作出勒索钱财轻信网友，点击恶意网站的地址在他们的电子邮件。 This new attack on google search seems to represent a major shift in scale from random emails to the activity of the biggest search engine.这个新的攻击， Google搜索，似乎代表了重大转变，规模从随机电子邮件的活动，最大的搜索引擎。

The bottom line for users?底线用户？ Don’t panic, just don’t click on .cn sites you find via google.com, for the time being.不要慌张，只要不点击网网站您找到通过google.com ，其时正。 If you need to search across China, use google.cn instead.如果您需要搜索中国各地，使用google.cn 。 Thankfully, Google is now on the case, according to值得庆幸的是， Google现在关于此案，根据 Matt Cutts马特cutts . 。 Indeed, searching for Dr Oliver’s problem keywords gives me “normal” SERPs.事实上，寻找医生奥利弗的问题，关键词，让我“正常” serps 。 “However, the danger remains - hackers would be likely to use a time when defenses are low, like ‘out-of-hours’, surfing at these times should obviously be approached with extra caution,” she says. “不过，危险仍然-黑客可能会使用的时候，防低，想' - -小时，冲浪在这些时间显然应加以对待格外小心， ”她说。