These links were not visible to regular users as they were buried in the source code, but they were picked up by search engine software to affect the position of another site altogether.
"The fact that Al Gore's site got hacked or compromised, while definitely of significance, uncovers a much bigger technique now being used by spammers," said Vikram Thakur, of Symantec's security response team.
"The hackers were able to get to the top of the search results by creating links such as these. No one visiting the hacked site would have noticed or been affected by any malicious program. Not yet anyway."
Using this technique, and by posting comments on forums using an automatic generator, the team was able to move its bogus pharmaceuticals site up near the top of the search engine rankings.
Thakur fears that a vulnerability in WordPress web publishing software has left many bloggers open to attack by the same method.
"We have seen the spammers go from comment spamming to hacking WordPress, to injecting links, to getting top listing on the search engine results, to marketing pharmaceutical sites through a large network of interwoven links," he said.
"So far, the only visible damage is for the administrators of the servers with the hacked WordPress.
"This could have been much worse had the hackers decided to insert links to malicious programs. Fortunately, the 'kerching' of cash trumps notoriety."
_(20).jpg&h=140&w=231&c=1&s=0)
_(22).jpg&h=140&w=231&c=1&s=0)
_(26).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
