(USA TODAY) - Question: I searched for a page I've visited before, saw Google present the address I remembered and clicked through - and then the address changed a couple of times before I wound up at a different page full of sketchy ads. What happened?
Answer: This form of search hijacking happened to me last week, and it was more than a little alarming.
My first thought was that my computer had been somehow hacked, but a couple of other factors suggested otherwise.
One was that the same thing happened on every device on my home network - including computers running iOS and Google's Chrome OS, operating systems that should have been less likely to get a virus.
An infection of a wireless router will affect every computer that connects to its Wi-Fi signal. But the weirdness persisted after I'd double-checked my own router's settings - then, just in case, reset it to factory condition and configured it from scratch.
The other factor was that I saw the same search skullduggery when I used Microsoft's Bing but not when I tried my query at a less-widely-used search site, DuckDuckGo. Plus, this didn't happen with search results pointing to any other site. What kind of malware would be so picky?
So if the virus wasn't on my computer or my router, what was left? The site that hosted the page I'd originally sought.
Here's the trick: If an attacker can stash some malware on somebody else's Web server (usually by exploiting an unpatched vulnerability in its code), that malware can intercept incoming requests and send them elsewhere. It can also single out clicks from popular search engines by checking the "referer" data (the HTTP Referer header, which names the page a visitor came from) that visiting users' Web browsers send along as a courtesy.
(Referers are not something you want to disable. They've been part of the Web's plumbing from the start; knowing what sites sent visitors to your page helps keep your own site working well.)
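A site owner can test for this behavior by requesting the same page with different Referer values and comparing where each request ends up. The script below is an added example, not part of the original column; the function names, the referer list, and the example.com and example.net addresses are assumptions, and the stand-in fetcher is constructed so the check runs offline.

```python
import urllib.request
from urllib.parse import urlsplit

# Referer values to compare against a direct visit (which sends no Referer).
REFERERS = {
    "google": "https://www.google.com/",
    "bing": "https://www.bing.com/",
    "duckduckgo": "https://duckduckgo.com/",
}

def fetch_final_url(url, referer, timeout=10):
    """Follow HTTP redirects and return the URL the request finally lands on."""
    headers = {"User-Agent": "Mozilla/5.0 (referer-redirect-check)"}
    if referer:
        headers["Referer"] = referer
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.geturl()

def check_referer_redirects(url, fetch=fetch_final_url):
    """Return {label: final_host} for every referer whose request lands on a
    different host than a direct visit to the same URL."""
    baseline = urlsplit(fetch(url, None)).hostname
    suspicious = {}
    for label, referer in REFERERS.items():
        host = urlsplit(fetch(url, referer)).hostname
        if host != baseline:
            suspicious[label] = host
    return suspicious

# Constructed stand-in for a compromised site: it answers normally unless the
# visitor appears to arrive from Google or Bing, as in the case described above.
def _sample_fetch(url, referer):
    if referer and ("google." in referer or "bing." in referer):
        return "https://ads.example.net/landing"
    return url

if __name__ == "__main__":
    result = check_referer_redirects("https://www.example.com/page",
                                     fetch=_sample_fetch)
    for label, host in result.items():
        print(f"Referer from {label}: landed on {host}")
```

Run against a real page by calling `check_referer_redirects(url)` with the default fetcher. It only sees HTTP-level redirects; a redirect performed by script inside the page would need a browser to observe.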
But why would a malware author bother going to that trouble? If you can steal somebody's search traffic without having to create a site that people would actually want to find, you can then sell advertising space on that site to unscrupulous third parties. That's the thing to remember about the malware mindset: Most of it is written for profit, not amusement.
Once I'd figured that much out, fixing the problem got easier. I e-mailed a publicist for the company involved and asked if they could check their server for any malware. Within a few hours, they had found and flushed the rogue code, and my original search worked normally.
So if you see search clicks going where they shouldn't, don't assume it's just your computer or your Internet connection. It could be somebody else's site, and it's worth taking a moment to use that site's "contact us" link or page to send them a note about it.
While I was doing all the debugging outlined above, I learned that my wireless router had a software update waiting from its manufacturer - even though it had been less than three months since I'd set up the thing.
This can easily happen with the "firmware" on routers - so called because it's embedded in the device instead of being removable software. Many of them have no obvious way to tell you "upgrade me, please" (Apple's AirPort models are a rare exception), so you'll have to see for yourself by logging into your router's settings page.
On most models, you'd do that by typing 192.168.1.1 into your browser and entering an admin user name and password (if you haven't changed that password from the default to something less obvious, do that now). If that address doesn't work, consult your router's manual - which you'll need to do anyway to see how to check for firmware updates.
This isn't the most entertaining routine, but it will ensure you don't miss performance or stability upgrades delivered with a software fix, and it can also give you a chance to spot any mischief with your network's settings.