By Mark Ward

Technology correspondent, BBC News website



The booby-trapped sites have been removed from Google's index

The booby-trapped websites came up in search results for search terms such as "Christmas gifts" and "hospice".

Windows users falling for the trick risked having their machine hijacked and personal information plundered.

The criminals poisoned search results using thousands of domains set up to convince search index software they were serious sources of information.

Innocent victim

While computer security researchers have seen small-scale attempts to subvert search results before now, the sheer scale of this attack dwarfed all others.

"This was fairly epic," said Alex Eckelberry, head of Sunbelt Software - one of the firms that uncovered the attack.

Mr Eckelberry said tens of thousands of domains were used in the vanguard of the attack. Most domains were Chinese registered, hosted in the US and were only a couple of days old.

Websites loaded on these domains were booby-trapped with malicious software that looked for vulnerabilities in copies of Microsoft's Internet Explorer used to browse them.

This is not going to go away

Alex Eckelberry

The criminals who bought the domains convinced the indexing software used by Google, MSN and Yahoo they were good and popular sources of information, said Mr Eckelberry.

Although the results were indexed by Yahoo and MSN the webpages were coded to only show up if someone used Google.

They accomplished this using comment spam on blogs to push the pages up the search index rankings.

Sunbelt had discovered malicious sites connected with search terms such as "hospice", "cotton gin and its effect on slavery", "infinity" and many more.

"You could be searching for really innocuous things and get nailed," said Mr Eckelberry. "There was really nasty stuff in there."

"If there's any message from this I can scream from the rooftops its make sure you patch your machine," he said.

Security firm Trend Micro also discovered a series of booby-trapped sites aimed at Christmas gift shoppers and those looking for information about many other innocent subjects.

"Some of the top rated hits are leading to the malicious sites," said Raimund Genes, chief technology officer at Trend Micro.

The criminals tried to catch out Windows users

He speculated that the campaign was being waged by the Russian Business Network - a hi-tech criminal gang known to favour web-based attacks.

The booby-trapped websites were thought to be in operation for about 24 hours before Google began stripping them out of its search index. Some of the trapped websites are believed to be still turning up in searches carried out on Yahoo and MSN Live.

But, said Mr Eckelberry, this attack was likely to be a harbinger of many more.

"This is not going to go away," he said.