Google searchers could end up with a new type of bug

Web searches could lead users to sites that endanger computers.

— -- Cybercrooks are manipulating the computer code used to put the pizazz in millions of websites in hopes of taking over unsuspecting consumers' PCs.

The vulnerability occurs when someone does a Google search, then clicks on a result that has been secretly tainted by hackers. They will usually be taken to the Web page they expect. But at the same time, they are invisibly redirected to a computer server that installs a hidden program.

This program enables hackers to use the PC to spread spam and carry out scams. Typically, it also lets the attacker embed a keystroke logger, which collects and transmits your passwords and any other sensitive data you type online.

Any website indexed by Google goog that fails to carefully handle JavaScript — the coding that activates many cool Web features, such as changing the color of a button when someone mouses over it — is a potential target. That's seven in 10 sites, says tech security firm WhiteHat Security. Hackers have discovered ways to trick the website application to run malicious JavaScripts.

"We're in a phase where one or two smart guys are attacking a few dozen major websites," says David Dewey, manager of IBM's X-Force security division. "In the next few weeks I would expect to see copycats attacking hundreds of high-profile websites."

Attackers have secretly corrupted Google results that direct traffic to Wired, CNet, TV.com, USATODAY.com, ZDNet Asia, History.com and many universities, says Dancho Danchev, a Netherlands-based security researcher, and Finjan Software, an Israeli security firm.

Most Google search results are safe. But in March alone Dewey and other security researchers found several hundred thousand corrupted Web pages returned in common Google search queries. They fear crime groups have just begun to take advantage.

Google issued a statement saying it is helping affected websites fix the problem and is also developing new tools "to detect and block" malicious Web pages.

Security experts say consumers can protect themselves by keeping anti-virus subscriptions and software updates current. Running an anti-virus scan may help repair infected PCs, although more serious fixes may be necessary.

Spokespeople for USATODAY.com and Wired said each blocked the attacks as soon as they were discovered. CNet, owner of TV.com and ZDNet Asia, declined to comment. History.com did not respond to queries.

"It should be the responsibility of the website operators to stop exposing people to risk as soon as possible," says Billy Hoffman, a security researcher at Hewlett-Packard. Gail Hillebrand, senior attorney at Consumers Union, agrees.

Attackers have taken advantage of JavaScript before, but usually on individual sites. The search engine trick — which has been focused on Google, though it could work on Yahoo and MSN search engines — is new, Danchev says.

Attackers are thrilled "to capture even a small percent of the traffic" of a big site, Finjan's Yuval Ben-Itzhak says.