What do a site on Bitcoin and a Polish bank have in common? Both are ranking good in Google for searches about downloading games, something conjunction offer. The reason? Both competence be victims of a new hacking assault revolving around gaining tip listings on Google and redirecting visitors to other sites.

How Bait Switch Hacking Works

With bait-and-switch hacking, someone gains entrance to a site and starts edition pages on topics that a site itself doesn’t routinely cover. The site competence not even be wakeful that a pages exist.

The hackers are anticipating to precedence a management of a sites they hack. The thought is that edition such calm on an existent site competence do improved than perplexing to tell it on a new site.

Here’s an instance of this in action. For a hunt on “download games,” a page from a site called Bitcoinspot is ranking in a tip formula on Google:

download games google

The site itself isn’t about games. It’s about Bitcoin. But hackers have gained entrance to inject over 300 pages relating to gaming downloads:


They’ve also injected links that usually Google sees, not humans, into a home page of a site:


Flooding a site with these pages worked. The hackers performed a tip ranking as shown earlier. To supplement insult to injury, a pages they injected into a site seem to have been taken from other sites.

Only Google sees that tangible content. Human visitors, when they click, get redirected around JavaScript from a hacked site to another site. The hackers competence acquire off associate fees for a click. Alternatively, they competence benefit from ads on a pages a route to.

Those ads, by a way, for during slightest one of a redirected pages we examined, were powered by Google’s possess AdSense:


Here’s one some-more example, display how a identical thing is function to a Polish bank:


What’s Old Is New Again

This spamming tactic isn’t new. In fact, it’s so aged that years ago, Google had built adult a defenses so that it mostly forsaken out of fashion. It didn’t work good adequate for sites to benefit rankings or benefit rankings for sincerely distinguished terms. But over a past dual months or so, something’s altered that’s permitting it to work again.

Juha Sompinmäki of Gametop download site has been tracking a conditions progressing this month (see his posts here and here) and was in hold with us shortly after it happened. As we’ve all been watching, a hacks seem many successful going after terms associated to gaming and gaming downloads. But there’s justification hackers are going after other terms by holding calm off code sites like Dick’s Sporting Good or a children’s site Nick:



As a screenshots above show, calm from Dick’s Sporting Goods and Nick has been taken and injected into other sites. We didn’t find that this calm was ranking for any quite critical terms or outranking a strange sites. However, a intensity is there.

We asked Google about this conditions behind on Dec 2 and again on Dec 9 though perceived no response. We’re checking again and will refurbish if we hear more.

About The Author

(Some images used underneath permit from

This entrance upheld by a Full-Text RSS use – if this is your calm and you’re reading it on someone else’s site, greatfully review a FAQ during