Rogue hackers are getting cuter when it comes to hitting users with malware. Their latest trick is to exploit the Google picture of the day, the so-called Google Doodle. On Tuesday, users who clicked on the picture of LL Zamenhof, Esperanto's creator got a nasty shock. The picture which was celebrating 150 years since his birth had been doctored by hackers giving Google search users some uncomfortable results.
It's the latest example of just how good scammers have become at manipulating Google search results. For months now, they've followed Google's Trending Topics section and then used search engine optimisation techniques to push hacked web pages up to the top of Google's search results, security experts say.
They do this by flooding hacked pages with keywords that are then recorded by Google's search engine.
Hackers have several ways of getting their code on legitimate websites - lately they've focused on stealing FTP login credentials, according to Dave Michmerhuizen, a research scientist with Barracuda Labs.
The hacked sites that pop up when one clicks on Tuesday's Google Doodle include a hair salon in New Jersey, an Texas tree company, and a science fiction group. Visitors were taken to a number of dodgy advertisements or pages that tried to trick visitors into thinking their computers were infected and paying for fake antivirus software.
These results remained steadily in the top 5 to 10 search results for people who clicked on the Google doodle link today, and often filled up about half of the first few pages of results, Michmerhuizen said.
"I see this all the time," he said. "Poisoning a trend is nothing new, but in this particular case, it's a search where you actually click on Google's logo and you get results back from sites where half of the links have been compromised."
A Google spokesman said that this type of problem affects other search engines as well. Google is aware of yesterday's Doodle problem and has "already removed many of these sites from our index," he added.
"To do this, we have manual and automated processes in place to enforce our policies," he said. "We're always exploring new ways to identify and eliminate malicious sites from our index."