Google has created one of the most powerful search tools in the history of
Web humanity. One of its goals along the way was to archive all of human knowledge. Another was to not be evil.
But the company discovered that at the intersection of archiving all human knowledge and not being evil is malware. In its pursuit of archiving the Web, Google has
inadvertently become a tool for discovering and deploying malware. Now
Google wants to turn the tables on malware and wants you (yes, you, good
reader) to report malware to Google when you find it.
“Currently, we know of hundreds of thousands of Web sites that attempt to
infect people’s computers with malware,” Google developer Ian Fette wrote in
a blog post. “Unfortunately, we also know that there are more malware sites out there. This is where we need your help in filling in the gaps.”
Google’s plea for assistance follows an incident earlier during the
week when security firm Sunbelt Software identified thousands of search
terms that led to malware. The company didn’t only point out sites that discussed malware, but also actual sites hosting drive-by code, whereby the simple act of visiting the page could be enough to infect a user’s computer. The sites
identified by Sunbelt have now been purged from Google’s index.
“We worked closely with Google on this yesterday and they were very
aggressive on handling the problem,” Alex Eckelberry, president and CEO of
Clearwater-based Sunbelt Software, told InternetNews.com.
He’s not even miffed that Google did not credit Sunbelt in its post. “We work with them regularly, and they’ve already given us public credit for our work,” Eckelberry said. “I will say Google is very responsive to this type of stuff and from a security perspective, very easy and fast to work with.”
Though Google wants to cut down on malware, the effort may not necessarily
deter Google hackers.
The act of using Google for security purposes is sometimes referred to as
“Google hacking.” One of the most infamous proponents of Google hacking is Johnny ‘I hack stuff’ Long who literally wrote the book on the subject.
Long thinks Google’s new reporting initiative is a great idea.
“Google’s had this unofficial ‘do no evil’ motto, and this effort supports
that,” Long told InternetNews.com. “Lots of browser-targeted
intrusions originate from traditional Web surfing sessions, and most folks
use Google as their Internet surfing origination point. A Google-based
security wedge against malware is a terrific idea, and it should cut down the
numbers of these types of infections significantly.”
Long noted, however, that e-mail remains an attack vector for malware
delivery, though Gmail now has an integrated virus-scanning feature. He
expects that it’s only a matter of time before Gmail will incorporate the
malware click-through protection Google offers for Web searches, protecting e-mail users as
Google’s outreach effort to get users to report malware isn’t necessarily
going to impede the security research done by Long and those of his ilk. Long said he doesn’t think Google hackers search for malware.
“Google hacking is an attempt to get at interesting, amusing, or
ridiculously exposed online data,” Long explained. “Great Google hackers
have moved well beyond this space technically, enabling them to do really
amazing things to a target through Google, but even those advanced attackers
are not surfing the Web for malware.”
The reason attackers don’t use Google for malware is simple: They’ve got
other places to go.
“Most in search of malware for offensive use know the good stuff — it ain’t
distributed through public Web,” Long said. “It’s distributed through dark
Web servers, peer-to-peer networks, IRC channels, torrents and the like.
“Google’s efforts will not affect how skilled hackers get access to
malware,” he added.
This article was first published on InternetNews.com.