USA Today has reported that 7 out of every 10 google search results could potentially be vulnerable to a javascript hack that silently installs a host of malware onto the computers of unsuspecting users. The exploit works by targeting websites with insecure javascript that can be manipulated in search engine results. For example:
- Hackers target specific url's on a major website (i.e. a link to a news story, blog, etc)
- You perform a search on google, and you happen to find and click on an exploited link.
- To you, the user, nothing out of the ordinary happens. The link opens the page you are looking for, but in the background an invisible redirected connection is opened up and begins transmitting keyloggers, malware, spyware, and who knows what else to your computer.
So what can you do about this?
- The standard 'anti-virus' disclaimer fits here: keep your anti-virus software up to date, make sure you have all the latest security patches from microsoft, and never accept unsolicited downloads. Unfortunately, if you opt for just
- As bloggers and webmasters we also have the added responsibility of making sure the content we put on our sites is secure. It is very easy to plop some javascript into a blog or on a website, so it is good practice to know what you are distributing to your visitors.
