CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 4th, 2008

Hacked Blog Spam Pages Promoted In Google News

Google News search results are currently infected with spam pages from a hacked authority blog (possibly more than one). A simple search for “migraine” in Google News shows about 120 results linking to “cialis” spam, served from a folder of specially generated spam pages on blog.oup.com (the Oxford University Press Blog). The results are supposed to be sorted by “relevance”. Do not click on the search results: those pages might contain exploits that can infect your PC via the browser (usually Internet Explorer).

It seems that not only was the Oxford University Press Blog hacked and spam pages added to it, but the Google News mechanism also picked up those pages without verification, since they are hosted on a trusted news domain, oup.com. The reason is, of course, an old WordPress blog version with a vulnerability that got exploited.

More keywords trigger the same response from Google News. Some of them are “Osteoarthritis”, “anxiety”, “osteoporosis”, “blood pressure”, “viagra”, and many others.

A regular Google search for blog.oup.com shows some interesting results as well. It seems that the folder /wp-content/themes/default/images, which normally contains pictures for the blog, currently contains an extra folder called “ph” where all the spam pages are located.
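For site owners, the indicator described above (an extra folder of HTML pages inside a theme's images directory) can be checked for directly. The following is an added example, not code from the original post: it audits an image-only folder for subfolders missing from a clean baseline, non-image file types, and files whose content does not match their image extension. The function names, the `known_dirs` baseline parameter and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

# Leading bytes of the image types a theme images folder is expected to hold.
IMAGE_MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def audit_image_dir(root, known_dirs=frozenset()):
    """Return sorted (relative_path, reason) findings for an image-only folder.

    known_dirs: relative subfolder paths recorded in a clean baseline (assumption).
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.isdir(full):
                if rel not in known_dirs:
                    findings.append((rel, "subfolder not in baseline"))
                continue
            magics = IMAGE_MAGIC.get(os.path.splitext(name)[1].lower())
            if magics is None:
                findings.append((rel, "not an image file type"))
                continue
            with open(full, "rb") as fh:
                if not fh.read(8).startswith(magics):
                    findings.append((rel, "content does not match extension"))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample: an images folder with an injected 'ph' subfolder."""
    root = tempfile.mkdtemp(prefix="images_")
    os.mkdir(os.path.join(root, "ph"))
    samples = {
        "header.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,          # plausible JPEG
        "ph/page1.html": b"<html><body>constructed page</body></html>",
        "ph/logo.gif": b"<?php /* constructed placeholder */ ?>",  # script named .gif
    }
    for rel, data in samples.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    for rel, reason in audit_image_dir(build_sample_tree()):
        print(f"{reason}: {rel}")
```

Run against a real install, `root` would be the theme's images directory and `known_dirs` the subfolders present in a known-good copy of the theme.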

The spam pages are promoting “Trusted Pharmacy”, and it obviously worked out on Google News, since those pages were added right away to news search results. Google’s filters have not picked up the infected blog, since the blog is a verified source of news and, most likely, all of the content from the domain blog.oup.com is trusted. Not only that, somehow those spam pages were categorized as “relevant” to the searches in question.

It seems there is a need for a ranking mechanism that takes into account not only the reputation of a source but also verifies that the source has not been hacked and that spam or infected pages are not being injected into Google. Our trust in Google’s “safe for visit” filtered News results becomes more and more important. Unlike web search, which can be indexed, filtered and updated over the course of months, the news index has to be extremely fresh; for this reason, algorithms like PageRank cannot function properly, and that is the reason no verification is performed on websites once they are approved as trusted.

UPDATE: A Senior Customer Service Rep from Oxford University Press has filed a ticket with their systems support group to investigate this issue. Hopefully this hacked blog will be taken down by Oxford University Press soon.


    One Response to “Hacked Blog Spam Pages Promoted In Google News”

    1. Hi
      My 2 blogs were hacked by a terrorist radical islamic person. He is using the 2 blogs in order to publish my real name, real photo, real address, a message for HAMAS in Gaza.
      I tried so much to tell google about this but I didn’t know how. Plz help me to bring them back or to REMOVE them from the web. They are a real danger on my life.

      thanx
      zohair

