Feb 01 2009
Google Hacked
17:13 UPDATE Google says it was just human error.
16:57 UPDATE: Just heard from Google’s Matt Cutts that a blog about the problem and the fix is on its way from Google, presumably will appear here soon.
UPDATE: Google search results are back to normal. The issue persisted for at most half an hour but affected users across the globe. Google has obviously quickly got on top of the problem. But, was it a hack, a DNS glitch, or the first rumblings of the DownAdUp worm dumping its payload? Could it have been something to do with open redirect URLs mentioned in one of Google’s own blogs yesterday? Or, perhaps it’s related to the exposure of a clickjacking flaw in the Google Chrome browser.
Has the mighty Google been hacked? Today countless twitter users are asking each other why all sites are being labeled as malware in the search engine’s results pages (SERPs). Exceptions are Google-owned sites like Youtube. Although Google itself is being labeled as malware infected!
Carry out any search and you will see all links flagged with the warning “This site may harm your computer”. Try clicking through and you will get to their malware alert page that warns you not to proceed. Now, either every single site on the web was simultaneously hacked and malware installed on millions of servers, or there is a bug or hack at Google. Users from Thailand to Paris, from Cambridge to New Jersey are reporting the problem.
It doesn’t matter which web browser you use, Firefox, Chrome, Internet Explorer, Safari, it makes no difference if you have anti-spyware software installed or a firewall running. Clearing your cache and proxies has no effect either.
Could this be to do with the recent infestation of the DownAdUp or Conficker worm? I’m trying to get in touch with Google’s spammeister Matt Cutts to see what he and his colleagues make of the problem…
Interestingly, DEfusion also spotted that Google-owned sites like Youtube are not being flagged as malware. TechCrunch also just published a quick news story on this.
This is not the first time we’ve seen a Google glitch of this sort, back in May 2005, the uber search engine reported DNS issues that was redirecting users hoping to a single site.
16:46 GMT UPDATE: StopBadware.org is back up and reveals that it was a glitch at google, which is what I thought, not a glitch at StopBadware that caused the problems, they suffered a denial of service because of the huge number of SERPs hitting their info page after the problem arose on Google’s side.
16:42 UPDATE: After the shortlived Google SERPs fiasco, check your GMail spam folders for false positives.
NEW UPDATE: A couple of sources are saying that the transient problem with Google SERPs was due to an outage at the site that adds the flags for Google stopbadware.org. Of course, it’s hard to tell whether the site was down ahead of the problem emerging or whether it’s down because of the traffic spike caused by the problem itself.
It just shows how a business could suffer if a company relies on a single external partner. There’s a lesson for anyone relying on Adsense for their income in there somewhere.
