While looking up New Year’s Eve celebrations taking place in the mountains of North Carolina today, I came across a hacked site. That is nothing out of the ordinary; however, the site’s payload is a trojan deliverable via JavaScript. The way this works is: you visit the site, the script gets executed via your browser, and your PC gets infected.

The page is highcountryhost.com/top-high-country-new-years-celebrations/.

Information about the high country is tough to find online, so I backed up and tried to pull the page from Google’s cache (related: view webpages cached in Google Search results). I was shocked to discover that Google had pulled the trojan and placed it in their cache.

I didn’t test it but I am fairly certain that if you browse Google’s cache using a vulnerable PC you will be infected!

[Screenshot of cached JS trojan]

I’m not quite sure how Google could fix this issue. As I reported earlier in the week, Google does crawl and index JS content, so it makes sense that it would cache it as well.

I double-checked the page via Sucuri, and it is indeed compromised.

I was finally able to access an outdated copy of the page via the Wayback Machine.


