Thousands of Infected Links Weeded Out

Dennis Faas's picture

Google has removed more than 40,000 sites from its index after discovering they were fronts for malware (software that infects a visitor's computer).

The sites used the fake codec technique. This is where a message appears on the user's screen saying they need to download an update to their system in order to view an image or video. For instance, it may claim they need a newer version of ActiveX, which can be used to show animations on web pages.

Unfortunately, the link actually downloads a virus.

It appears the people behind the scheme were deliberately flooding search engines with the sites. At one point this week, every link on Google's first page of results for some phrases was infected.

The hundreds of affected phrases covered three main categories: phrases involving "microsoft excel", phrases relating to network routers, and phrases with the word "fetch". This pattern suggests those responsible may have been experimenting with their technique rather than attempting to infect as many computers as possible, which would probably be done with more popular or topical search phrases.

Sunbelt, the company which uncovered the attacks, later found that this particular act was deliberately targeted at Google. Anyone who visited the sites through another search engine would not trigger the virus download.

They also set the sites up so that the virus wouldn't show up if the visitor had used Google's 'inurl:' or 'site:' commands (which restrict searches to the name of the page rather than its content). These commands are often used by researchers trying to track down such viruses.
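For researchers checking whether a site behaves this way, here is an added example (not from the original article or from Sunbelt): it groups crawl records by the kind of Referer header that was sent and flags URLs whose response changes between visitor types. The record format, fingerprint strings and hostnames are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs


def referer_class(referer):
    """Bucket a Referer header into the visitor types the article distinguishes."""
    if not referer:
        return "direct"
    parts = urlsplit(referer)
    host = (parts.hostname or "").lower()
    # Simplification (assumption): only google.com hosts are treated as Google.
    if host == "google.com" or host.endswith(".google.com"):
        query = " ".join(parse_qs(parts.query).get("q", [])).lower()
        if "inurl:" in query or "site:" in query:
            return "google_operator"   # researcher-style query
        return "google_search"         # ordinary search visitor
    return "other"                     # another search engine or site


def find_cloaked(observations):
    """Return {url: {referer_class: fingerprint}} for URLs whose response
    differs depending on where the visitor appeared to come from."""
    seen = defaultdict(dict)
    for url, referer, fingerprint in observations:
        seen[url][referer_class(referer)] = fingerprint
    return {url: by_class for url, by_class in seen.items()
            if len(set(by_class.values())) > 1}


# Constructed crawl records: (URL fetched, Referer sent, response fingerprint)
SAMPLE = [
    ("http://site-a.example/page", "http://www.google.com/search?q=excel+fetch",
     "redirect:codec-prompt"),
    ("http://site-a.example/page", "http://www.google.com/search?q=inurl:page+excel",
     "html:benign"),
    ("http://site-a.example/page", "http://search.example/?q=excel", "html:benign"),
    ("http://site-a.example/page", "", "html:benign"),
    ("http://site-b.example/", "http://www.google.com/search?q=router", "html:home"),
    ("http://site-b.example/", "", "html:home"),
]

if __name__ == "__main__":
    for url, by_class in find_cloaked(SAMPLE).items():
        print(url, by_class)
```

A URL that returns the same fingerprint for every visitor type, like the second sample site, is not flagged.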

Adam Thomas, a researcher for Sunbelt, said those responsible had likely spammed blogs and website comment pages with the affected link addresses so that they showed up higher in the Google rankings. Google confirmed they were aware of the case, but wouldn't go into specifics.

It seems Google will have to look again at its ranking system if it is to stop infected sites showing up so highly. In the meantime, it's worth remembering that as well as keeping your anti-virus software up to date, you should take care before downloading 'updates' from unknown sources. Legitimate updates for popular software will always be available from the manufacturer's own website.
