Hackers Use Google Analytics Javascript Code to Download Viruses to Your Computer! How?


How heart-wrenching is it to find out after adding Google Analytics to your website that the added code contains malicious codes, designed to download viruses on your visitors’ computers? Not very pleasing! Well, that is exactly what is happening to many website owners who have added the Google Analytics code to their websites.

One website owner said that on March 16th, three of his website members reported that his UK-based website was attempting to download a virus to their computer. The webmaster and his team then deployed a barrage of investigative measures, which revealed that it was indeed a piece of malicious code hidden within the Google Analytics tracking code that was attempting to download the virus to peoples’ computers, Google Support Forum.

A Google support staff was quick to point out that he has in fact seen a multitude of websites being compromised in a similar manner, and the actual reason for the problem is compromised passwords. Therefore, whenever the admin password for accessing the said website ends up in the hands of the wrong people, bad things happen.

These malicious program producers gain access to an unsuspecting website by using a compromised password and then plant virus-producing codes within the Google Analytics Javascript code block. Therefore, people should not get the wrong impression and start blaming the Google Analytics code for being malicious. It is the added code by the perpetrators that is malicious, not the Google code itself. In effect, it is the Google Analytics code that is compromised by the hackers, just wanted to make that clear.

Therefore, to prevent such a thing from happening on any website, the webmaster of that site should take extra precautions by periodically changing passwords.

While compromised password is one way of exploiting the Google Analytics code, the Google support staff cautioned us that it is not the only method of exploiting the code while it is on a website.

Another method of exploitation is the actual injecting of malicious scripts by websites indulging in such practices. An example of such a website was discussed by the Google support staff in the support forum. The Support Staff gave actual names of programs and websites suspected of delivering viruses to compromised websites.

Scripts distributed by malicious websites deliver codes that create hidden iframes that are loaded directly from those malicious sites. It is with such mechanism that viruses are downloaded to peoples’ computers.

One victim of the Google Analytics exploit came forward and shared his story, saying that he too was victimized by the Google Analytics exploit, which was characterized by several days of excessive traffic from an unusual spider that scanned every page on his website.

He then immediately removed the Google Analytics code from his website and server, which ceased the unusual spider activities. This webmaster’s website was ASP-based. This is telling us that it does not make any difference as to what framework the target website is built on, the danger still exist for malicious websites to use the Google Analytics as a virus delivery tool! So, this can happen to websites running ASP, PHP, HTML, etc.

In the event of a Google Analytics exploit, webmasters should check their server access logs for any kind of suspicious “GET (and POST)” requests. These requests will most likely be made by the suspected malicious program because computer viruses can be injected into websites via the HTTP requests protocol, according to a Google support forum member.

The rule of thumb for website owners is to always take extra precautions in password security by changing passwords frequently. A name, date of birth, or child’s birth date should never be used as a password. In fact, passwords should have letters, numbers, and special character combinations to make them very difficult to figure out.

We saw in our discussions that it is not the Google Analytics code that is totally to blame for the downloading of viruses to people’s computers. It is password security of websites.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.