Google Code being used to spread malware
There are viruses and Trojan horses lurking everywhere. McAfee security says that the Google Code site is now being used to spread that sort of malware.
Google Code is the company’s site for developers interested in Google-related open-source development. The site contains open source code and a list of their services which support public APIs. The site hosts the Gears project for enabling off-line access to Google features and and the Web Toolkit, an open source toolkit allowing developers to create Ajax applications in the Java programming language.
McAfee Avert Labs runs the McAfee Risk Assessment Program, which evaluates the level of risk posed by threats encountered in the field or at customer sites. The director of security research at Avert labs, Dave Marcus, has released information indicating that the Google Code repository does not only contain the code that it is supposed to be there. It also contains malware, and user machines are being infected by that specific malware from Google Code.
Marcus reports that, along with the legitimate code, the site contains links to phony videos. Clicking on those links results in the user being asked to download a missing video codec. When the user then agrees to download the codec, a Trojan horse and associated programs are downloaded to the user’s computer instead. These are then used to steal passwords and and financial information form the target computers, according to an article on CNET.com.
Marcus is quoted as saying, “They’re using it as a way to send out links or as a place to house their links and redirects because it’s Google and obviously it gets highly ranked in the index. The bad guys look for services like this as a way to push out code.” This reported problem is very much like one found some time ago by Avert Labs at Microsoft’s MSN Spaces site and which is still causing problems.
Google released the following statement about the reported problem: “Google works hard to protect our users from malware. Using Project Hosting on Google Code, or any Google product, to serve or host malware is a violation of our product policies. Using automated tools, we actively work to detect and remove sites that serve malware from our network. We have removed many of these projects from Google Code and from our search results. Additionally, we’ll continue to explore new ways to identify and eliminate such content.”
Related Posts:
