Botnet Misuses Google Analytics
By exploiting the Google Analytics service, a botnet owner has been trying to collect information about his own network of "zombie" PCs. According to McAfee, the botnet owner has embedded the Google Analytics code into a form of the "Opanki" virus. This has enabled the operator to obtain feedback on the number of infected PCs as well as their geographic locations.
Google Analytics (GA) is a free service provided by Google that supplies a website owner with detailed statistics about the visitors to that site. The fundamental purpose of the service is to let site administrators customize their advertising campaigns based on the geographic locations of website visitors and how long they browse the site, all supplied by GA. The service uses HTML code embedded in the website, which notifies the Google server of every visit to that website.
Pedro Bueno of McAfee posted some useful facts on his blog on 18th September 2006. He talked about the different things that miscreants develop every day to make their job easier. After checking the 288th variant of "Opanki", he said that botnet owners were concerned because there was no organized method to check on the bots, e.g., their geographic distribution. However, this could be accomplished with less difficulty through Google Analytics. GA is a free service offered by Google that can help anyone gather and track information about website visitors. "Unique Visitor Tracking", "Daily Visitor" and "Geo Location" are some of its tracking methods.
The code discovered in this particular botnet variant was featured on the blog. The code, embedded in the website, could allow Google Analytics to be used in a customized manner. Bueno cited this as an example of organized miscreants.
The incident definitely raises concern about the ramifications. Malware writers can use this twist to repurpose GA, as it can tell them the number of infections and their locations. It is therefore important that Google address this issue at the earliest; otherwise it will help malware authors develop more dangerous forms of malware.
» SPAMfighter News - 25-09-2006