Hackers use Google to find vulnerabilities
Hackers use Google to find vulnerabilities
Hackers have been exploiting Google's advanced search capabilities recently to find Internet sites with weak security vulnerabilities so that they can infiltrate these sites with malicious viruses.
Through a simple search, these hackers can find default server pages, which can be easily taken advantage of.
Attackers find applications through searching for error pages created by the software. Searches for specific file names can also pinpoint vulnerable servers connected to the Internet.
Researchers found 11,300 vulnerable sites when they did a search to find information about poorly configured databases open to the public.
However, David Banes, the technical director from MessageLabs, said that these attacks should be easy for Google to control. "Google could easily prevent attackers from have access to these sites. It could easily re-configure the settings to block this activity.
"The organisation could stop the results of searches from being displayed, without having to build a new back-end application to stop it.
"All these hackers are doing are using the error pages to gather intelligence so they can build up to an attack. It is not a direct attack and nowhere near as dangerous as phishing scams."
This should be a relief to Google after recently being hit by the MyDoom.O virus, which searched from infected computers for additional email addresses to which programs could send themselves.
Related Article: