Comments on: Malware hiding from Google http://blog.sucuri.net/2010/04/malware-hiding-from-google.html Protect Your Interwebs Tue, 07 Feb 2012 14:40:59 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: http://sucuri.net http://blog.sucuri.net/2010/04/malware-hiding-from-google.html/comment-page-1#comment-627 http://sucuri.net Thu, 08 Apr 2010 12:59:19 +0000 http://blog.sucuri.net/?p=40#comment-627 @anonymous: That would be a funny thing to do :) I wonder what the malware writers would do at that point.. lol @anonymous: That would be a funny thing to do :) I wonder what the malware writers would do at that point.. lol

]]> By: Anonymous http://blog.sucuri.net/2010/04/malware-hiding-from-google.html/comment-page-1#comment-628 Anonymous Thu, 08 Apr 2010 12:42:15 +0000 http://blog.sucuri.net/?p=40#comment-628 "If that becomes a trend, Google will have to stop using their user agent/common IP address for the malware check" -> or maybe we have to begin to use their user agent to be ignored from malware :) "If that becomes a trend, Google will have to stop using their user agent/common IP address for the malware check" -> or maybe we have to begin to use their user agent to be ignored from malware :)

]]> By: Tony http://blog.sucuri.net/2010/04/malware-hiding-from-google.html/comment-page-1#comment-629 Tony Wed, 07 Apr 2010 18:22:32 +0000 http://blog.sucuri.net/?p=40#comment-629 There is another wordpress hack happening this week where the code only returns bogus information if the user agent is google.<br /><br />http://blog.arpitnext.com/2010/04/wordpress-search-engine-cloak-hack.html<br /><br />Any chance you can get the sucuri monitoring service to make requests as googlebot in addition to a normal browser? Just make sure you don't diff the browser vs bot content as they are sometimes different intentionally, but still send alerts anytime there is a change for either user agent. There is another wordpress hack happening this week where the code only returns bogus information if the user agent is google.

http://blog.arpitnext.com/2010/04/wordpress-search-engine-cloak-hack.html

Any chance you can get the sucuri monitoring service to make requests as googlebot in addition to a normal browser? Just make sure you don't diff the browser vs bot content as they are sometimes different intentionally, but still send alerts anytime there is a change for either user agent.

]]>