[nsp-sec] Modifying proxy showing up in (Google) search results
SURFcert - Peter
p.g.m.peters at utwente.nl
Fri Nov 25 04:28:28 EST 2011
Hi,
I don't know if this is the right place, but we haven't come up with any
other way
to get this under Google's attention.
We noticed that Google Search has data in it's index coming from a
'modifying' proxy. The proxy (try http://<fill in your domain>.fake.so)
fetches the original page, adds an advertising (money generating) banner
and changes words into words from the NSFW dictionary.
This looks like a home user in Sweden running a 'fun' application which
might give him/her some cash from the banners (we haven't found evidence
yet that indicates malicious intentions like spreading malware or using
the proxy-URL's in phishing mails). But the fact that the proxy-URLs
have shown up in Google searches on the first pages is worrying and
might indicate some effort to influence the search results for financial
gain.
We're now looking for a contact at Google to find out what the general
policy is for indexing proxies like this and if this (type of) proxies
can be filtered/removed from the index.
The webmaster tool only allows manipulation of Google content in our own
domain.
--
Peter Peters /------\ SURFnet bv
SURFcert | SURF | cert.surfnet.nl
cert at surfnet.nl \-----\ \-----\ Postbus 19035
PGP Key ID 0x5A52C966 | CERT | NL-3501 DA Utrecht
+31 30 2305 305 \------/ fax: +31 30 2305 329
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 543 bytes
Desc: OpenPGP digital signature
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20111125/cf07119e/attachment-0001.sig>
More information about the nsp-security
mailing list