The H-Security: The head of Google’s Webspam team, Matt Cutts, announced on Twitter that Google has sent out a message to the webmasters of 20,000 sites informing them that their sites may have been hacked. In the email message, the company warns operators that the affected sites appear to be used to redirect visitors to a malicious site.
Google asks the site administrators to check the files in their web space for an eval(function(p,a,c,k,e,r) JavaScript code segment. The eval() function can be used to execute JavaScript character strings that may previously have been decoded by an unpacking routine. Google also warns of specially crafted .htaccess files. These may redirect a request only in certain circumstances, for example, when a visitor accesses the page via Google. Consequently, regular visitors to a site, such as the webmaster, will be unaware of the infection.
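A minimal sketch of the check described above, added here as an example and not taken from Google's notice or its Webmaster Tools instructions: it walks a web root, flags files containing the packed eval() signature, and flags .htaccess rules that redirect off-site only when a Referer condition matches. The function names, the sample files and the redirect.example.invalid host are constructed for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

# Signature quoted in Google's notice, tolerant of whitespace between tokens.
PACKED_JS = re.compile(r"eval\s*\(\s*function\s*\(\s*p\s*,\s*a\s*,\s*c\s*,\s*k\s*,\s*e\s*,\s*r\s*\)")
REFERER_COND = re.compile(r"^\s*RewriteCond\s+%\{HTTP_REFERER\}", re.I)
REWRITE_RULE = re.compile(r"^\s*RewriteRule\s+\S+\s+(\S+)", re.I)

def check_htaccess(text):
    """Return (line_no, target) for off-site redirects gated on the Referer header."""
    hits, referer_gated = [], False
    for no, line in enumerate(text.splitlines(), 1):
        if REFERER_COND.match(line):
            referer_gated = True      # RewriteCond applies to the next RewriteRule
        rule = REWRITE_RULE.match(line)
        if rule:
            if referer_gated and re.match(r"https?://", rule.group(1), re.I):
                hits.append((no, rule.group(1)))
            referer_gated = False     # conditions do not carry past that rule
    return hits

def scan_tree(root):
    """Walk a web root; return sorted (relative_path, finding) pairs for manual review."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = Path(dirpath, name)
            rel, text = path.relative_to(root).as_posix(), path.read_text(errors="replace")
            if PACKED_JS.search(text):
                findings.append((rel, "packed eval() JavaScript"))
            if name == ".htaccess":
                for no, target in check_htaccess(text):
                    findings.append((rel, f"referer-gated redirect to {target} (line {no})"))
    return sorted(findings)

def demo():
    """Scan a constructed web root (sample files are made up for this example)."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "index.html").write_text("<script>eval(function(p,a,c,k,e,r){return p}('x'))</script>")
        (root / ".htaccess").write_text("RewriteEngine On\n"
            "RewriteCond %{HTTP_REFERER} google\\. [NC]\n"
            "RewriteRule ^(.*)$ http://redirect.example.invalid/ [R=302,L]\n"
            "RewriteRule ^old$ /new [R=301,L]\n")
        return scan_tree(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Legitimately packed scripts carry the same eval() signature, so each hit is a candidate for manual review rather than proof of infection.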
The email contains a link to Google’s Webmaster Tools support page with instructions designed to help webmasters clean up their sites. Administrators are also being asked to close the security hole that was exploited to infect the site. Google started warning webmasters in this way in late 2010. At the time, the company announced that it also intended to warn users about visiting infected sites in its search results.