An inconvenient hack: Al Gore's website breached
Web site crackers don't always aim to spy on visitors or try to install malicious code on their PCs. Sometimes a web page may instead be suborned to host links intended to boost the Google ranking of an attacker's site. This happened recently to Al Gore's website climatecrisis.net, set up to promote his current film about climate change - "An Inconvenient Truth". Spammers added multiple invisible links on the site's home page, pointing to entries they had created on poorly maintained college blogs. These blog entries either carried advertisements for Viagra, Cialis and other pharmaceuticals, or in some cases linked onwards to pages carrying such advertisements. Although they are not immediately obvious to visitors, who are hardly likely to check source text in search of suspect links, the inserted links are visible in the site's HTML source text, and therefore would normally be spidered by search engine robots.
By creating large numbers of such links from popular sites, spammers can improve the ranking of their own pages in search engines such as Ask.com or Google and gain a top spot in searches. Information on the 13th Climate Change Conference due to take place in Bali from 3 to 14 December 2007 is likely to have attracted many interested visitors to Gore's website, and these visitors will have unwittingly boosted the spammers' business.
The links have now been removed from Al Gore's site, but the trick is known to have been used for months on other popular websites. Symantec has published a detailed analysis of the case in its blog.
- Pharming Pharmaceuticals, Symantec blog
(mba)