Top Search Engine Weaknesses Responsible for Quick Spread of Malicious Spyware
Analysts with the security vendor Prevx have found that some harmful spyware programs, once they have infected a computer, block users from going to common search engines to find a solution. This facilitates the further spread of the spyware infections.
Prevx CEO Mel Morris says that if a user types a suspicious file name into Google or Yahoo and nothing comes up, it is usually assumed that the file is most likely harmless. Search engines are very effective nowadays. However, an empty search on a well-regarded search engine is more likely a sign that the file is malicious.
Some malware uses a variable filename at the moment of installation. Other malware copies the filename of basic Windows services. There is also evidence of malware that depends upon files having a blank name but an executable extension. In one instance, the analysts found a file named ".EXE", which was first detected in July 2006. The top search engines could not come up with a specific hit for this filename, showing instead details of all filenames with the suffix ".EXE". In other words, a computer user relying on Google would have had to sift through over 176 million results.
Some spyware employs hundreds of thousands of varying names for each computer it infects. While these programs often execute the same code, the affected user is not very likely to succeed in detecting the malicious file or finding a solution through the search engines.
The research also contains a thorough study of how quickly each search engine responds to spidering (reading and parsing) new harmful file matter. During 2006 the names of many destructive files related to spyware infections were put up on the Prevx website. After some time the same file names turned up in search results on the popular search engines. The researchers found that the time lapse between the two events varied considerably, from 2 to 15 days. This means that users' inability to rapidly get the needed search results has been a major reason for the wide dispersion of this malware.
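The three filename tricks described above can be triaged on the defender's side without relying on a name search. The following is an added example, not code from Prevx or the original article; the list of Windows binary names, the expected system directory, and all sample paths and contents are constructed assumptions.

```python
import hashlib
from collections import defaultdict
from pathlib import PureWindowsPath

EXEC_EXTS = {"exe", "dll", "scr", "com"}
# Assumption: a short list of well-known Windows binaries and their usual home.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe"}
SYSTEM_DIR = PureWindowsPath(r"C:\Windows\System32")


def triage(files):
    """files: iterable of (path, content_bytes). Returns a dict of findings."""
    blank, masquerade = [], []
    by_hash = defaultdict(set)
    for path, content in files:
        p = PureWindowsPath(path)
        name = p.name.lower()
        # Blank name + executable extension, e.g. ".EXE": the whole name is
        # the extension, so there is nothing distinctive to search for.
        if name.startswith(".") and name[1:] in EXEC_EXTS:
            blank.append(path)
        # Copies the name of a Windows binary but lives somewhere else.
        if name in SYSTEM_NAMES and p.parent != SYSTEM_DIR:
            masquerade.append(path)
        by_hash[hashlib.sha256(content).hexdigest()].add(path)
    # Same code under many names: the hash is stable where the name is not.
    renamed = {h: sorted(ps) for h, ps in by_hash.items() if len(ps) > 1}
    return {"blank_name": blank, "masquerade": masquerade, "same_code": renamed}


# Constructed sample inventory (paths and contents are made up).
SAMPLE = [
    (r"C:\Windows\System32\svchost.exe", b"legit-service-host"),
    (r"C:\Users\a\AppData\Local\Temp\svchost.exe", b"payload-A"),
    (r"C:\Windows\.EXE", b"payload-B"),
    (r"C:\Windows\qxkzpt.exe", b"payload-C"),
    (r"C:\Windows\mwvhra.exe", b"payload-C"),
    (r"C:\Program Files\App\app.exe", b"ordinary-app"),
]

if __name__ == "__main__":
    for kind, hits in triage(SAMPLE).items():
        print(kind, hits)
```

Grouping by content hash is what makes the variable-name case tractable: the two randomly named files collapse into one finding even though neither name would return a search result.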
» SPAMfighter News - 12-01-2007