Matt Cutts, head of the Google webspam team, said in a tweet: “Is your site doing weird redirects? We just sent a ‘your site might be hacked’ msg to 20K sites.”
In a message posted on one of the compromised websites, the Google Search Quality Team warned:
"Dear site owner or webmaster, we are writing to let you know that we believe some of your website’s pages may be hacked. Specifically, we think that JavaScript has been injected into your site by a third party and may be used to redirect users to malicious sites. You should check your source code for any unfamiliar JavaScript and in particular any files containing ‘eval(function(p,a,c,k,e,r)’. The malicious code may be placed in HTML, JavaScript, or PHP files so it's important to be thorough in your search.”
The Google team added: “In addition, it's also possible your server configuration files (such as Apache's .htaccess) have been compromised. As a result of this, your site may be cloaking and showing the malicious content only in certain situations. We encourage you to investigate this matter in order to protect your visitors. If your site was compromised, it's important to not only remove the malicious (and usually hidden) content from your pages, but also to identify and fix the vulnerability. A good first step may be to contact your web host's technical support for assistance. It's also important to make sure that your website's software is up-to-date with the latest security updates and patches.”
Paul Roberts, editor of Kaspersky Lab’s Threat Post blog, commented that “malicious and suspicious websites are often able to use search engine optimization to slip past Google's filters and wind up on search results lists, and that the search engine giant flags only half of all the malicious links rendered by its search engine.”