[nothing like a virus in the morning]

[i was hacked: part deux]

S l o w l y as I come to grips with the whole *thing* I'm patting myself on the shoulder for taking screen shots (including of the source code) of the hacker communicating with me (before he crashed it). As soon as I figured out what was going on I thought I'd google to see if anyone had published information on dealing with this kind of a hack. As I googled the thief spoke...

[i was hacked]

I say "I" and not "the computer" because the hack happened in real time and the hacker actually communicated with me as it was happening. I'm still trying to salvage my hard drive which he (I say he though of course I can't know for sure) wiped and then proceeded to rewrite...but more on that later (when I've had time to calm down and hopefully save some work...my whole thesis was there...).

Anyway...I've been trying to figure out how it happened. I don't click on links in spam e-mails (even legit-looking spoofed ones). I have anti-virus software running (a good one), I have anti-spyware apps running (good ones) and it still happened....I wonder if this latest threat to google was related (though I didn't follow any links to .cn sites).

"It appears that a spammer has found out how to infiltrate the Google index without being caught. Here's what is happening in a nutshell:

* Some searches (very specific phrases, and I won't list any of them right now - Google knows which they are) return results with a large number of .cn (Chinese) sites.
* The .cn sites are often scraped content from legitimate U.S. websites
* The legitimate sites are being ranked below the scammed .cn sites for these competitive keywords.
* When a user clicks on one of the .cn sites returned in the result set, the user is redirected to an entirely different page which attempts to install one or more pieces of malware on the user's computer. If the user is not protected, they become infected - I don't know the specifics of the infection as I AM well protected
* The .cn sites don't appear to be hosted ANYWHERE. They are simply redirected domain names. How they got ranked in Google in such a short period of time for fairly competitive keywords is a mystery. Google's index even shows legitimate content for the .cn sites.
* It appears that the faked sites are redirecting the Googlebot to a location where content can be indexed, while at the same time recognizing normal users and redirecting them to a site that includes the malware mentioned earlier. This is an obvious violation of Google's guidelines, but the spammers have found ways to circumvent the rule and hide it from the Googlebot.
* These sites are numbering in the millions for many different keywords and phrases, and appear to be developed on an automated basis. Because of privacy laws, it's hard to track down who owns the domain names - Google has the power to do so, but there has been about exactly zero information from Google about the problem so far, and even many SEO experts and webmasters are not picking up on it.

What Does This Actually Mean?
So what does all this mean? One, don't click on a .cn domain name returned from Google.com. If you need to search for a Chinese site, use Google.cn instead of Google.com. Second is to watch your own SERPs and see if you are suddenly dropping below sites with a .cn TLD. If you find that happening, report it here. Third, don't panic - Google is remaining mum on this for a number of reasons. Were the public to stop trusting Google it could cause major upheavals in the search engine business - if the problem was just spam, the public wouldn't even notice. However, since malware is involved, this is something that could hit the major media with a giant bang and cause a panic. That could affect traffic to some sites in a major way - especially those specifically optimized for the Google search engine.

A Major Infrastructure Problem?
If a smart spammer has really found a way to game the Google search results with spoofed or cloaked sites, and Google still doesn't have a fix, this could be a major issue with the underlying infrastructure of the entire Google operation. I've seen hints that a significant infrastructure change is taking place; is this spam issue the reason? Could that mean that Google was actually hacked instead of someone spamming the index? If so, webmasters may be waiting a long time for the expected Pagerank update while Google fixes the leaks.

Time to Worry?
This is the first time that I've ever been worried that Google's own index has been hacked. The obvious and blatant circumvention of a guideline normally picked up by the Googlebot quickly is worrisome. A normal website pulling this would be banned almost instantly. The fact that none of the sites have real content and don't appear to even be hosted anywhere is even more scary. How did millions of sites get indexed if they don't exist?"

[spam e-mail - mais non?]

there is something poetic in this: Note the use of txt spk and the final line ending on a question:

"Against, themif writes dont.
Suspect consult provider strongly recommends,
physician beginning. Julie andrews bowen christie delpy dreyfus newmar. Saving
uploading server bandwidth theft? Hall rice biel lange pare jet li. Wednesday
thursday friday saturday.
Than what, already chances seek, isnt readily.
Mexico easiest childhoods child dropped met biological adopted.
Writers refrain journal ended reason daily.
Ashton kutcher audrey tautou ben. Aniston beals
connelly esposito gimenez, grey love, hewitt.
Eliza dushku geri halliwell gillian. Child dropped
met biological, adopted committed suicide husband. El camino school oceanside spent.
Hard stud biggest besides ghost indecent. Both,
overall rating exotic? Tree hill house smallville prison break, blanket keyword
dogs! Emergency personnel press charges ibanezwild ryanthe enoughdr? Why going
friend, relative coworker may presence impede.
Kiss even pull knife. Background, make, them, more
attractive animals. Entirely choicedont psycho stalkeryou shouldnt! Celebrity
photo gallery by. Brewster jorge posada joseph mcginty nichol josephine baker josh.
Illegal case complain layout show script graphic.
Them more attractive animals that eat.
Annette bening ashlee, ashton kutcher audrey
tautou! Wallpaper music contact still ab cd ef? Sarah gellar parker, scarlett
johansson, tara reid. Andrews bowen christie delpy.
Elmos, fire rest young cast including. Naomi
campbell natalie portman neve nicole kidman imbruglia ornella?
Marc jacobs york annual toronto festival party
volver. Material note, frequently changes date?
Bad girl, think carry dark secret im obsessed,
death. Jones christina aguilera ricci cindy.
Behavior erratic feared, safety claimed physically
verbally. Stacy saysjolie tertium quid mon?
Shields bruce willis
bryce?"