PC Technician discusses hijacking of Google search
Something to watch out for! Google search results hijacked.
This month's tip has to do with a sneaky little trick the hackers use to hijack your Google search results and send you to advertisers' hell. What the clever little SOB's did was to modify a file in Windows called the hosts file. They added one other trick and that was to set the hidden attribute to "on" - so when you look in the
"C:\windows\system32\drivers\etc" folder
you do not see the "hosts" file. And the entry they added looks like this:
which now sets the Google server to the IP address as shown, i.e., the address 220.127.116.11. Here's what happens. Windows checks the hosts file before it asks DNS, so with the bogus entry in the hosts file you are sent to this IP address, and here is a screen shot of the page that is returned when you type in the Google URL, i.e., http://www.google.com - see below:
Well, this looks exactly like Google's home page but remember it is the bogus address - not Google's. So I typed in a search term "windows 7" and got the search results page as shown below:
In this screen shot I left the mouse cursor over the result for "Windows 7 -Microsoft Windows" and you can see the left hand bottom of the page - indeed shows the correct URL for this site. If I click on this link it DOES take me to the correct site. But if you look at the next screen shot where I moused over the site
"Windows 7 How-To Articles, Tips, and Guides :: How-To Geek"
Screen shot for How-To Geek below:
Now look at the URL (lower left-hand side, bottom of page) - this looks bogus and indeed it is, as when I clicked on the link I got this page, see below (and not the Howtogeek.com site - and most of the other links are bogus as well):
So, with this sneaky little trick - I was re-directed to the sprint.com site and not to what should have been the howtogeek.com site. The problem with this trick is that most anti-malware or anti-virus programs probably will not detect what has happened - as there are no telltale signs of a virus. The hosts file can be modified for legitimate purposes and the anti-malware programs have no way of determining what is legit and what is a bogus entry. The lesson here is to check the contents of the hosts file if you are getting strange or unexpected web page results. Happy Surfing!
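The hosts-file check recommended above, written out in Python as an added example (not part of the original tip). It reports whether the Hidden attribute is set and lists every active entry that sends a name to a non-loopback address; the sample entries and the function names are constructed for illustration.

```python
import ipaddress
import os
import stat

# Constructed sample; 203.0.113.10 is a documentation address, not the page's.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net   # blocklist-style entry
203.0.113.10    www.google.com google.com
not-an-ip       www.example.org
"""

def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for each active entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comment, split on whitespace
        if len(fields) >= 2:
            yield line_no, fields[0], fields[1:]

def suspicious_entries(text):
    """Entries that point a name at a non-local (or unparsable) address."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
            local = ip.is_loopback or ip.is_unspecified
        except ValueError:
            local = False  # malformed address: report it for review
        if not local:
            findings.append((line_no, addr, names))
    return findings

def is_hidden(path):
    """True if the Windows Hidden attribute is set (always False elsewhere)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)

def audit(path):
    """Return (hidden, findings) for a hosts file on disk."""
    with open(path, encoding="utf-8-sig", errors="replace") as fh:
        return is_hidden(path), suspicious_entries(fh.read())

if __name__ == "__main__":
    hidden, findings = audit(os.path.expandvars(r"%SystemRoot%\System32\drivers\etc\hosts"))
    print("Hidden attribute set:", hidden)
    for line_no, addr, names in findings:
        print(f"line {line_no}: {addr} -> {' '.join(names)}")
```

Legitimate entries are listed too, so each finding is something to review by hand rather than proof of a hijack.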