Imperva Study Reveals Fresh Hacking Technique on Search Engines

According to the security firm Imperva, cyber-criminals are increasingly exploiting search engines such as Google for effectively targeting vulnerable Internet sites and thereby executing automated online assaults. Help Net Security reported this on August 16, 2011.

Apparently, the said operation named "Google Hacking" has attackers, who with the help of maliciously created search requests called "Dorks" and a Web-browser employ networks of bot-infected PCs for generating over 80,000 requests per day, spotting probable attack targets, as well as depicting the resource picture in a perfect way inside the server, which's apparently exposed.

Also, for years now, botnets, by generating excessive traffic on websites, have been bringing such sites down. However, the large numbers of hijacked PCs, like never before, are getting driven against vulnerability of an ancient type.

Speaking about modern hackers, CTO Amachai Shulman of Imperva says that they can very efficiently utilize Google for setting up hackable targets across the Web. Consequently, the miscreants manage in increasingly unleashing assaults that may result in infected websites, company server compromises, data modification, or data theft, Shulman explains. MicroScope.co.uk reported this on August 16, 2011.

Moreover, Imperva states that hackers occasionally scan websites manually to check the presence of the said kind of stray web-links; however, such activity can prove utterly exhaustive. So they've currently determined the way for automating Web-scan i.e. by employing botnets.

These botnets essentially, aid in hunting web-links existing in sequences while having an association with an organizations' website, through an automatic process. The utilization of such botnets as well as Google Dorks helps to find vulnerabilities against which traditional hacking assaults are then launched. Accordingly, websites may become infected, data modified or stolen alternatively organization servers hijacked.

However, the security specialists suggest certain solutions with which Yahoo, Bing and Google can safeguard themselves from these assaults. Actually, search engines are distinctly capable of detecting botnets, which exploit them, thereby facilitating them with knowing further of the attackers. They can also spot unnatural search requests especially those having words within Dork databases alternatively requests, which hunt confidential files. Hence, search engines are capable of determining the lot of prohibited IP addresses.

Related article: Inappropriate IT Decisions Leads to Security Dangers

» SPAMfighter News - 8/24/2011