14.1.08

[dirty hardware]

Beware hardware that is pre-owned, returned or a floor model. Slashdot warns of malware-infected hardware:

"twitter brings us a story about the increasing number of digital devices reaching consumers with malware already installed. In this case, digital photo frames from three different Sam's Club stores were found to contain the same type of malicious code. We discussed a similar problem with iPods a while back, as well as a more recent situation with Maxtor hard drives."


From The Register:
"In the past month, at least three consumers have reported that photo frames - small flat-panel displays for displaying digital images - received over the holidays attempted to install malicious code on their computer systems, according to the Internet Storm Center, a network-threat monitoring group. Each case involved the same product and the same chain of stores, suggesting that the electronic systems were infected at the factory or somewhere during shipping, said Marcus Sachs, who volunteers as the director of the Internet Storm Center.
"When (the first incident) pops up, we thought it might be someone that was infected and blamed it on the digital picture frame," Sachs said. "But this is malware - and malware that does not seem to be very well detected. You could plug in a device and infect yourself with something that you would never know you had."

The incidents underscore that the proliferation of electronic devices with onboard memory means that consumers have to increasingly be aware of the danger of unwanted code hitching a ride. While many consumers are already wary of certain devices, such as digital music players, USB memory sticks and external hard drives, that include onboard memory, other types of electronics have largely escaped scrutiny.

In the past, consumer devices infected with malicious code have generally been the result of manufacturing mishaps. In October 2007, for example, hard-disk drive maker Seagate acknowledged that a password-stealing Trojan horse program had infected a number of its disk drives shipped from a factory in China after a computer at the manufacturing facility was infected. The Trojan horse would infect systems and attempt to steal the account credentials to Chinese online games as well as the popular World of Warcraft.

In another incident, a Windows computer virus snuck onto the hard drives of a limited number of Apple's iPods during manufacturing in 2006.

Going forward, infections may no longer always be accidental, said Sachs, who is also the executive director of government affairs at telecommunications provider Verizon.

"I think that supply-side attacks are going to go from zero to some small percentage," he said. "It is obviously not going to be as dangerous as mass mailing email infections, but you could have some really clever targeted attacks."


7.11.07

[nothing like the smell of more hacking]

ahhhh, more hack attacks, but this time (luckily) Norton caught it...


5.10.07

[i was hacked: part deux]

S l o w l y as I come to grips with the whole *thing* I'm patting myself on the shoulder for taking screen shots (including of the source code) of the hacker communicating with me (before he crashed it). As soon as I figured out what was going on I thought I'd google to see if anyone had published information on dealing with this kind of a hack. As I googled the thief spoke...

2.10.07

[i was hacked]

I say "I" and not "the computer" because the hack happened in real time and the hacker actually communicated with me as it was happening. I'm still trying to salvage my hard drive, which he (I say he, though of course I can't know for sure) wiped and then proceeded to rewrite...but more on that later (when I've had time to calm down and hopefully save some work...my whole thesis was there...).

Anyway...I've been trying to figure out how it happened. I don't click on links in spam e-mails (even legit-looking spoofed ones). I have anti-virus software running (a good one), I have anti-spyware apps running (good ones) and it still happened....I wonder if this latest threat to Google was related (though I didn't follow any links to .cn sites).

"It appears that a spammer has found out how to infiltrate the Google index without being caught. Here's what is happening in a nutshell:

* Some searches (very specific phrases, and I won't list any of them right now - Google knows which they are) return results with a large number of .cn (Chinese) sites.
* The .cn sites are often scraped content from legitimate U.S. websites
* The legitimate sites are being ranked below the scammed .cn sites for these competitive keywords.
* When a user clicks on one of the .cn sites returned in the result set, the user is redirected to an entirely different page which attempts to install one or more pieces of malware on the user's computer. If the user is not protected, they become infected - I don't know the specifics of the infection as I AM well protected
* The .cn sites don't appear to be hosted ANYWHERE. They are simply redirected domain names. How they got ranked in Google in such a short period of time for fairly competitive keywords is a mystery. Google's index even shows legitimate content for the .cn sites.
* It appears that the faked sites are redirecting the Googlebot to a location where content can be indexed, while at the same time recognizing normal users and redirecting them to a site that includes the malware mentioned earlier. This is an obvious violation of Google's guidelines, but the spammers have found ways to circumvent the rule and hide it from the Googlebot.
* These sites are numbering in the millions for many different keywords and phrases, and appear to be developed on an automated basis. Because of privacy laws, it's hard to track down who owns the domain names - Google has the power to do so, but there has been about exactly zero information from Google about the problem so far, and even many SEO experts and webmasters are not picking up on it.

What Does This Actually Mean?
So what does all this mean? One, don't click on a .cn domain name returned from Google.com. If you need to search for a Chinese site, use Google.cn instead of Google.com. Second is to watch your own SERPs and see if you are suddenly dropping below sites with a .cn TLD. If you find that happening, report it here. Third, don't panic - Google is remaining mum on this for a number of reasons. Were the public to stop trusting Google it could cause major upheavals in the search engine business - if the problem was just spam, the public wouldn't even notice. However, since malware is involved, this is something that could hit the major media with a giant bang and cause a panic. That could affect traffic to some sites in a major way - especially those specifically optimized for the Google search engine.

A Major Infrastructure Problem?
If a smart spammer has really found a way to game the Google search results with spoofed or cloaked sites, and Google still doesn't have a fix, this could be a major issue with the underlying infrastructure of the entire Google operation. I've seen hints that a significant infrastructure change is taking place; is this spam issue the reason? Could that mean that Google was actually hacked instead of someone spamming the index? If so, webmasters may be waiting a long time for the expected Pagerank update while Google fixes the leaks.

Time to Worry?
This is the first time that I've ever been worried that Google's own index has been hacked. The obvious and blatant circumvention of a guideline normally picked up by the Googlebot quickly is worrisome. A normal website pulling this would be banned almost instantly. The fact that none of the sites have real content and don't appear to even be hosted anywhere is even more scary. How did millions of sites get indexed if they don't exist?"
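The cloaking the quoted post describes (an indexable page served to the Googlebot, a redirect to a malware host served to a visitor who clicked through from a Google result) in working form, together with the check a webmaster can run against a suspect site. This is an added example, not code from this blog or from the quoted SEO post; the hostnames, user-agent strings and page text are constructed, and the crawler and referrer patterns are an assumption about what such a site keys on.

```python
"""Added example: a model of user-agent/referrer cloaking and a check for it.
Not code from the original post or the quoted SEO article; every hostname,
page body and header value below is constructed for the example."""
import re
from urllib.parse import urlsplit

# Patterns a cloaking site might key on (assumption, not taken from the page).
CRAWLER_UA = re.compile(r"googlebot|bingbot|yahoo! slurp", re.IGNORECASE)
SEARCH_REFERER = re.compile(r"^https?://(www\.)?google\.[a-z.]+/search", re.IGNORECASE)

DECOY_PAGE = "<html><body><h1>Scraped article text</h1>...</body></html>"  # constructed
MALWARE_LANDING = "http://landing.example/drop"  # hypothetical host, not a real one


def cloaked_server(user_agent, referer):
    """What a cloaking site returns, as (status, body-or-Location)."""
    if CRAWLER_UA.search(user_agent or ""):
        return 200, DECOY_PAGE          # the Googlebot gets content to index
    if referer and SEARCH_REFERER.match(referer):
        return 302, MALWARE_LANDING     # a click from a Google SERP is bounced elsewhere
    return 200, DECOY_PAGE              # direct visitors also see the decoy


def honest_server(user_agent, referer):
    """Same page for every visitor; the control case."""
    return 200, DECOY_PAGE


# Constructed request headers for the three views the check compares.
GOOGLEBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
BROWSER_UA = "Mozilla/5.0 (Windows NT 5.1; rv:1.8) Gecko/20071127 Firefox/2.0.0.11"
SERP_REFERER = "http://www.google.com/search?q=example+phrase"


def cloaking_verdict(fetch, site_host="spam.example.cn"):
    """Fetch the same URL as a crawler, as a direct visitor and as a visitor
    arriving from a Google result via fetch(user_agent, referer), and report
    whether the views differ and whether the searcher is sent off-site."""
    crawler = fetch(GOOGLEBOT_UA, None)
    direct = fetch(BROWSER_UA, None)
    searcher = fetch(BROWSER_UA, SERP_REFERER)
    status, payload = searcher
    offsite = status in (301, 302, 303, 307) and \
        urlsplit(payload).hostname not in (None, site_host)
    return {
        "crawler_vs_searcher_differ": crawler != searcher,
        "direct_vs_searcher_differ": direct != searcher,
        "searcher_redirected_offsite": offsite,
    }


if __name__ == "__main__":
    print("cloaked site:", cloaking_verdict(cloaked_server))
    print("honest site: ", cloaking_verdict(honest_server))
```

To run this against a live site, replace the simulated server with a `fetch` that sends the given User-Agent and Referer headers, does not follow redirects, and returns the status plus the body or Location header. One caveat: a site can also cloak on the client's IP address or reverse DNS rather than the User-Agent string, in which case a crawler view faked from an ordinary connection will look the same as the visitor view and this check alone will not catch it.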

