Google Groups Continue to host Explicit Content Containing Malware

Alex Eckelberry, CEO, Sunbelt Software, demonstrated by walking up to a bunch of computers placed in the RSA Conference exhibition hall and opening the advanced search page of Google Groups. Eckelberry then typed the words, "porn video", and confined the search results to the three months of January-March 2008, as reported by InformationWeek on April 9, 2008.

The results that appeared counted to 838,000 covering the period from January 9 to April 8 in accordance with the criteria of the search. According to Eckelberry, most of the pages from the search results contain malware. In order to prove this point, Eckelberry opened a number of pages on Google Groups to show that the pages hosted embarrassing videos. Each of the pages also showed pop-up boxes asking Eckelberry to give his consent to install fake media codecs all of which actually contained malware.

According to Eckelberry, this happens directly due to a compromise of the CAPTCHA utility. However, he noted that there could be no infection on the conference PCs because the systems were all locked down.

In the meantime, the notorious 'Storm' botnet is pushing out spam with links to the different blogs on Blogspot, the blogging system in Google. Therefore, it is no surprise that the malware developers do not disclose their online records to users rather go on infecting systems with their worms. The blogs that have been created with just these intentions land the users onto a page inciting hopes for a good animation download as per promise. But, the download actually shows up the Storm worm.

While it is known that Google puts great efforts in cleaning its system from all infected pages, users have been warned to exercise caution when clicking links, both on Websites and in e-mail just because a link points to a legitimate domain does not imply that there could be no malware on the content.

According to a Google spokesperson, the company had plugged a security hole in February to prevent users from crafting a certain malicious URL on Google, as reported by InformationWeek on April 9, 2008.

Related article: Google Rectifies Gmail flaw in Three Days

» SPAMfighter News - 4/14/2008