Google Code Found Harboring Malware-Circulating Project
A new report by Web security firm Zscaler has found that malicious hackers are exploiting the Google Code repository to harbor backdoors, Trojan horses and password-stealing keylogging programs that target multiplayer online games such as World of Warcraft.
According to the report, the researchers discovered a malicious project harbored on the free Google Code website with more than 50 malware executables stocked in the download section of the project.
Commenting on the issue, Umesh Wanve, Senior Security Research Engineer at Zscaler, said that nearly all the files were executables, alongside zipped ".rar" files, as reported by ZDNet on September 1, 2010.
The time stamps suggest that the files were uploaded during the month of August 2010. This shows that the criminal is actively exploiting this free service to circulate malware.
Wanve further said that the first malicious file was uploaded on June 24, 2010 and was still active at the end of August 2010, showing that Google is slow in detecting and eliminating malicious projects.
Testing the first file on the list (xin.exe) on VirusTotal showed that only eight out of forty-three solutions detected it. The second file (wowvpn.exe), on the other hand, was detected by more than half of the solutions.
Further study showed that if xin.exe ran on a computer, it would attempt to download other malware harbored on this project website through a sequence of GET requests.
The security researchers evaluated the remaining files and concluded that they were a collection of backdoors, keyloggers, Trojans and other forms of malware. The study of one particular file pointed towards China as the main source of origin.
A Google spokesman replied in an e-mail stating that Google was actively working to safeguard its users from malware. Exploiting Google Code, or any of its products, for circulation or synchronization of malware was an infringement of its product policies, and it would eliminate any projects found to be used for these kinds of activities, as reported by Threatpost on September 1, 2010.
On the other hand, Zscaler highlighted that although Google asserted that any project incorporating malicious files would be eliminated, it would take the Google Code team a long time to detect them by scanning the harbored content.
» SPAMfighter News - 11-09-2010