Abuse Of Google Search Could Help Regulate Botnets

Symantec Corp., vendor for security solutions has just detected a malware dubbed Downloader.Sninfs, which by utilizing Twitter, the micro-blogging service, to act like a command-and-control system, spreads Infostealer.Bancos, the malware that steals passwords via the technique of phishing on fraudulent websites that spoof Brazilian banks.

Following this new finding, security researchers caution users that the Google search engine is capable of being abused in much the same way for building a botnet that could resist takedown efforts more successfully.

Said Vaclav Vincalek security researcher from Vancouver and also President, Pacific Coast Information Systems Ltd. (PCIS), online attackers could begin exploiting search engines that enjoy widespread popularity, towards transmitting malware to botnets whenever specific keywords are entered for search. ITWorldCanada.com published this during the 3rd week of August 2009.

Elsewhere, citing Google, Vincalek stated that in case the botnet began utilizing Google for certain words/phrases and thereafter discovered the malware as well as executed it, then anyone could begin utilizing Google to transmit the malware, alternatively commands to the network of bots. SoftPedia reported this on August 24, 2009.

Vincalek said that the strategy abusing Google would really work effectively given that innumerable people operated its search engine every day that is known to enlist a wide array of websites.

Also according to Vincalek, while he didn't know whether anyone had used the strategy thus far, the idea that any botnet operator would abuse Google in the manner discussed and further thwart efforts to counter it, was frightening. For, while with Twitter, any account could be conveniently shut down, it probably wasn't possible to shutdown Google.

Meanwhile, more news regarding botnets indicate that with the passage of years, botnets, which used to take instructions from only one command-and-control server, now exchange data among all the clients via P2P technology, suggesting an evolutionary step in the botnet infrastructure.

Finally, Vincalek and other security experts advise Web users to surf on the Internet with caution, especially because cyber-criminals' increasing sophistication could result in damage of computers as also bring down the whole Web, apart from being aware of various security threats associated with surfing.

Related article: APACS Reports Phishing On The Rise

» SPAMfighter News - 9/12/2009