Google Analysis Concludes 20,000+ Sites Infected with Malicious Javascript Code{1}

by Vincent S
Last week I blogged about how hackers have come up with a new simple technique for injecting javascript malware into sites in a manner that will avoid virus detection from anti-virus programs.  This week I am writing a follow-up article about a recent statement made by Google about the frequency of these kinds of attacks.  Google performed a recent survey on sites across the web to determine just how many are infected with malicious javascript, particularly javascript injected through several pieces to avoid detection.  They concluded that at least 20,000+ sites that they surveyed are infected in this manner (not surprising considering how many sites are on the web overall).  Further analysis traced a certain function “eval(function(p,a,c,k,e,r)” that is commonly found within the sites infected.  Google has warned those infected sites through blogs to check their sites for this function in order to correct the issue.
Again, through this we can see the dangers of Internet malware.  However, not just as web users, but as web developers who want to make sure our developed sites do not become victim to malicious coders.  The reason I believe that Google performs these analyses is to possible exclude infected sites from Google searches to safeguard users.  In pass cases, Google has been known to exclude whole domains based on the fact that sites with that certain domain extension are constantly infecting users.  In order to provide the best experience possible for users, Google consistently performs these checks to protect us, its customers.

Essers, Loek (April 19, 2012). PC World. Google Warns 20,000 Websites That Could Be Infected With Malware.  Retrieved from,000websites thatcouldbeinfectedwithmalware on May 6, 2012.