The hack can be difficult to detect because it does not affect the displayed pages of the compromised Web site or blog. So the spam (generally about Viagra, Cialis, etc) only shows up if the user is a search crawler (GoogleBot, etc) or the user is approaching the users site from a search result. Because of this behavior, many sites have been compromised for months with those spam keywords and the website owner is blissfully unaware. A quick way to check if your site is compromised is by searching on Google for “site:yourdomain.com cheap viagra”
Because Web site owners cannot readily see when they have been pharma hacked, the online reputation of a legitimate company or individual can be seriously damaged before the rogue code can be removed. Victims of this hack will have decreased traffic to their sites and, in some cases, removal of their sites by Google from search result lists.
Once discovered, the code can be taken out of the affected files, although the process can take considerable time and effort. The infection is a bit tricky to remove and if not done properly will keep reappearing