Akshay Jain

I was just browsing through Google Trends (as I do on a regular basis) but this is the second time in the week that Google Trends is showing messed up results. This leads to speculation that this might be a successful hacking/spamming attempt which Google is unable to control.

Facts:

Here is the latest Google Trends result that occupies the number #1 position.

This was the basic result that caused me to blog about this.

The appearing of the “Swastika” on the Google Trends page a few days back further strenthens the “foul-play” angle in this whole story.

(Image courtesy: Techcrunch.com)

My Opinions:

1. The search trend of “ǝlƃooƃ noʎ ʞɔnɟ” shows that there were virtually “NO” google searches before today. So what happened today that this term is on the first page? I suspect that this could be because of one or more of the following reasons:

a. Most Likely: There is some snag in the “Google Trends” application by which the hackers have gained control and are manipulating the top results at their will. This is the least destructive option that I can think of.

b. Less likely but far more destructive: The group of hackers has managed to run a mass-search on the Google Search Engine without getting their computers flagged off as spam. This could happen if they are using a lot of “bot-nets” or “infected computers”. This further raises another security issue that a virus of such a scale is at large without the anti-virus companies even figuring what is happening.

This also means trouble for the Google Engineers because they “cannot” stop all the infected computers by putting a blanket ban on them because there are most likely normal users who even do not know what is happening.

An official word from Google is still awaited and the speculation is rife in the blogosphere till the official word comes.

UPDATE: That “ǝlƃooƃ noʎ ʞɔnɟ” is on the fourth spot right now. This is slightly intriguing because Google had pulled down the Swastika “manually” last time. I think they are not removing it completely because of the fact that they would not have to say that it was anything un-natural. It would be passed of as any normal incident.

Ok, so the first thing after I saw this was to send an email to the webmaster of this website “iimi-epgp.net” .  (Do not visit this site. Or if you are too curious, then visit it after disabling javascript). This is supposedly the “Student Website for Executive Post Graduate Programme in Management”.

I discovered this when I was searching in Google for my own name and the first result came up as the web page of some other “Akshay Jain” at that website and with a Google warning that “This site may harm your computer.”

The exploit appears to be a SQL injection in the database forcing the visitor’s browser to open malicious javascript which can then infect the machine. Moreover, this is not only Google that is showing this. My NOD32 also gave the same error.

Malicious software is hosted on 4 domain(s), including tctcow.com, movaddw.com, crtbond.com. (they have not been linked intentionally)

2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including crtbond.com, pyttco.com.

If such professional websites in India are not safe and moreover, after the initial exploit, they are “still” infected without any preventive action taking place, then it raises serious concerns about the security / technical capability of India to deal with such issues.

I will keep you updated on how this goes.

Hi

This is the first post! I will be posting some handy code snippets soon

So stay tuned!