Thursday, February 11, 2010

Website Infections that only express themselves when the HTTP Referrer is Google.

While looking for infected websites, I found a moinmoin based website that was infected with either a .htaccess hack or a software injection hack. The interesting part about this hack was that it only manifested itself when the http referrer was set to google.com.

There have been recent articles about malware that only shows when the visitor goes to the infected website through a Google Images frame. However, this new twist applies more broadly to any web content that came up through a Google search.

We can assume the purpose of this new approach to infections is to make it harder for the website owner to find the infected webpage.

The infected content points the user to the http://pharmacy-coupon.com website using a "http 302 Found" redirect.

No comments:

Post a Comment