Websites were also warned that server configuration files could have been compromised."As a result of this, your site may be cloaking and showing the malicious content only in certain situations," Google said. It emphasised that it is important to remove the malware and fix the vulnerability to protect site visitors. Webmasters were also urged to keep their software up-to-date and to contact their web hosts for technical support.
It is not the first time Google has warned website owners to look for malware infections, Google spokesman Mark Jansen said. "It's part of our ongoing mission to be transparent with webmasters and do our bit to help prevent spam," he said. "In fact this isn't a new phenomenon; we communicate very openly with webmasters and always have done."
Google's anti-malware campaigns can have a big impact. Last July Google excluded more than 11 million URLs from the "co.cc" domain, because they were regularly used by cybercriminals to spread antivirus programs and conduct drive-by attacks. Google explained in at the time that some bulk providers could host more than 50,000 malware domains, and that it could flag whole bulk domains in severe cases.
While unconnected, the Flashback Trojan has been exploiting CVE-2012-0507, which is a Java vulnerability.