Malicious JavaScript Possibly Infected 20,000 Websites

Google declared through the Twitter micro-blogging site that in an alert to 20,000 Internet sites it had issued, the websites might've been contaminated with a malicious JavaScript. Esecurityplanet.com published this dated April 19, 2012.

Google, a top search engine does not have to inform about the vulnerability of any website to its webmaster. But, when it probes the World Wide Web for cataloging websites it can determine which ones contain malevolent content following which it may inform the infected ones.

Recently, in a statement by the Search Quality Team of Google, its members said that an intermediate party planted a JavaScript onto websites with which visitors might have been diverted onto malevolent ones. The team further said that unknown JavaScript contaminated files therefore, it alerted website owners that they must look for files specifically having the 'eval(function(p,a,c,k,e,r)' code, which might be injected into PHP, JavaScript or HTML files. Macworld.com published this dated April 20, 2012.

Furthermore, the search giant as well elaborated that whenever certain mass service providers supported over 50,000 malware-serving URLs, Google managed to pronounce in bulk the seriously infected ones.

The company's most recent alert to the 20,000 websites was too minuscule a number as against the 100,000 e-mail warnings it sent to webmasters during March 2010, disclosed Tiffany Oberoi, software engineer with Google at the San Jose, California-held Search Marketing Expo in March 2012. Search Engine Land reported this.

Enlightening about its long-standing practice of alerting webmasters about their malware-infected sites, Mark Jansen Spokesman of Google stated that the company followed it because it had pledged for being transparent and helpful towards webmasters in stopping spam. Macworld.com published this on April 20, 2012.

Significantly, the rate at which Google is presently issuing alerts, it appears that the company will flag some 4.2m websites as malicious during 2012. However, the underlying assumption is that there's no opportunity for further alerts, while the total number of hijacked websites continues to be unchanged.

For precaution, experts urged webmasters for maintaining up-to-date software programs as well as getting in touch with the service providers who hosted their sites to receive technical assistance.

Related article: Malicious Scripts with Zero-byte Padding can Pass Undetected

» SPAMfighter News - 4/26/2012