back to article Viral web infection siphons ad dollars from Google

A compromise that is moving virally across websites is making unwitting people who surf to them part of a botnet that redirects Google search results, a security researcher has warned. During the past week, the number of websites identified as infected have almost tripled, according to researcher Mary Landesman with real-time …


This topic is closed for new posts.
  1. This post has been deleted by a moderator

  2. Anonymous Coward
    Anonymous Coward

    Wonderful Javascript

    Ready to admit that javascript is a mistake for web browsers?

  3. Graham Cluley

    Some more information

    The obfuscated JavaScript on compromised sites (which Sophos intercepts as Troj/JSRedir-R) accounts for about 42% of all of the infected webpages we've seen in the last week.

    That's a mightily impressive six times more infections than the tried and trusted malicious Iframe attack of Mal/Iframe-F.

    We've published some further information and stats on our site at

    I'd recommend that surfers check their protection is up-to-date and fighting this one.

  4. Christopher Ahrens Silver badge

    Good thing that

    I don't allow JavaScript to run on website, use any Adobe products and only update my site (that doesn't allow JavaScript) by dumping the files into its file share. Nor do I click on any Google advertisements....

    Besides, Flaws in Adobe software is old news

  5. Alex
    Black Helicopters

    is it me or does anyone else see the hand of...

    ..Kvnt Eurtgruel in this?

  6. Anonymous Coward
    Anonymous Coward

    @Christopher Ahrens

    Good thing that we both wasted time posting pointless stuff!

  7. Andrew Moore


    Is anyone still using Adboe Reader??? I thought all the smart people had moved over to Foxit.

  8. Matthew Collier
    Thumb Up

    @Andrew Moore

    Not just Foxit, there are a host of alternatives, for Windows and non-Windows alike. KPDF is what comes preinstalled on my OS/distro of choice.

  9. Jon

    htaccess too

    I work for a fairly large hosting provider and we're seeing it here too.

    Interestingly, we're also seeing a .htaccess being dropped into the root ftp folder which attempts to perform various redirects, set (compromised) custom error docs and calls some perl scripts.

    Ammusingly they don't upload the error docs, scripts and their .htaccess is malformed, which simply took the sites offline instead. If the error docs had been correctly uploaded then they'd have spread via the 500 internal server errordoc though.

    The reason I mention it is because it's from the same 'straight-in' access from compromised FTP accounts. I cleared out about 15 infections yesterday - of which all logged in first time with the right details.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2020