got a virus?
PC Technician discusses hijacking of Google search
Something to watch out for! Google search results hijacked.
This month's tip has to do with a sneaky little trick the hackers use to hijack your Google search results and send you to advertisers' hell. What the clever little SOBs did was modify a file in Windows called the hosts file. They added one other trick, and that was to set the hidden attribute to "on", so when you look in the "C:\windows\system32\drivers\etc" folder you do not see the "hosts" file. The entry they added looks like this:

    94.63.147.16     www.google.com

Windows consults the hosts file before it asks DNS, so this entry sets the Google server to the IP address shown, i.e., 94.63.147.16.

Here's what happens. With the bogus entry in the hosts file, you are sent to this IP address, and here is a screenshot of the page that is returned when you type in the Google URL, i.e., http://www.google.com:

[Screenshot: page returned for http://www.google.com]

Well, this looks exactly like Google's home page, but remember it is the bogus address, not Google's. So I typed in a search term, "windows 7", and got the search results page as shown below:

[Screenshot: search results for "windows 7"]

In this screenshot I left the mouse cursor over the result for "Windows 7 - Microsoft Windows", and you can see that the bottom left-hand corner of the page does indeed show the correct URL for this site. If I click on this link it DOES take me to the correct site. But look at the next screenshot, where I moused over the site "Windows 7 How-To Articles, Tips, and Guides :: How-To Geek":

[Screenshot: mouse over the How-To Geek result]

Now look at the URL (lower left-hand side, bottom of page). This looks bogus, and indeed it is, as when I clicked on the link I got the page below (and not the howtogeek.com site, and most of the other links are bogus as well):

[Screenshot: page returned after clicking the How-To Geek result]

So, with this sneaky little trick, I was redirected to the sprint.com site and not to what should have been the howtogeek.com site.

The problem with this trick is that most anti-malware or anti-virus programs probably will not detect what has happened, as there are no telltale signs of a virus. The hosts file can be modified for legitimate purposes, and the anti-malware programs have no way of determining what is legit and what is a bogus entry. The lesson here is to check the contents of the hosts file if you are getting strange or unexpected web page results. Happy Surfing!
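One way to do that check with a script, as an added example that is not part of the original tip: it reports whether the hidden attribute is set on the hosts file and lists every hostname pinned to a non-loopback address, rating public addresses "high". The function names, the "high"/"review" labels and the sample file are constructed for illustration; only the last sample entry comes from the tip above.

```python
import ipaddress
import os
import stat

# Default Windows location, as given in the article.
HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Constructed sample; only the last entry is taken from the article.
SAMPLE = """\
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.com     # ad-block style entry
192.168.1.20    nas.home.example    # intranet shortcut
94.63.147.16     www.google.com
"""

def is_hidden(path):
    """True if the Windows 'hidden' attribute is set on path (False on other OSes)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)

def audit_hosts(text):
    """Return (line_no, ip, name, level) for every name pinned to a real address."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not an address line
        if ip.is_loopback or ip.is_unspecified:
            continue                            # localhost / 0.0.0.0 sinkhole entries
        # A public address overriding DNS deserves the closest look.
        level = "high" if ip.is_global else "review"
        for name in fields[1:]:
            findings.append((line_no, str(ip), name.lower(), level))
    return findings

if __name__ == "__main__":
    if os.path.exists(HOSTS_PATH):
        print("hidden attribute set:", is_hidden(HOSTS_PATH))
        with open(HOSTS_PATH, encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE                           # fall back to the constructed sample
    for finding in audit_hosts(text):
        print(finding)
```

A "review" entry is not necessarily bad, since intranet shortcuts are a legitimate use of the hosts file; the script only narrows down which lines a person needs to look at.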