Matt Cutts, the head of Google's Web spam team, has announced on his Twitter account that the company has notified 20,000 Web site owners that their sites may have been compromised.


"We think that JavaScript has been injected into your site by a third party and may be used to redirect users to malicious sites," says the message, and advises the webmasters to check their source code for any unfamiliar JavaScript and in particular any files containing "eval(function(p,a,c,k,e,r)".

"The malicious code may be placed in HTML, JavaScript or PHP files so it's important to be thorough in your search, Google's Search Quality Team points out. "In addition, it's also possible your server configuration files (such as Apache's .htaccess) have been compromised. As a result of this, your site may be cloaking and showing the malicious content only in certain situations."

"We encourage you to investigate this matter in order to protect your visitors. If your site was compromised, it's important to not only remove the malicious (and usually hidden) content from your pages, but also to identify and fix the vulnerability. A good first step may be to contact your web host's technical support for assistance. It's also important to make sure that your website's software is up-to-date with the latest security updates and patches," they conclude and offer a link to instructions on how to go about the cleaning.

Webmasters often don't notice that their site has been compromised because the malicious redirects are triggered only when a visitors comes to the site by clicking on the results of a Google search - something that site owners or operators never do.