Could search sites spawn worms?

PC World - Worm attacks are bad enough by themselves, but some experts warn of an even more devastating variation: one that strikes at the application level instead of targeting network infrastructure, and spreads to Web sites through Web-based search engines.
Essentially, a smart worm could crawl into the data gathered by a search engine to identify the most vulnerable sites and target them, say some security experts and analysts.

List of victims
"Search engines basically crawl Web sites and all their links and categorize them," says Shlomo Kramer, CEO and president of Imperva Inc., a Web application security company. Among the ways search site "bots" categorize sites is by their vulnerability.
"These vulnerabilities are indexed and saved in a very organized way and are available for anybody to access," Kramer says.
A worm could contain code to seek out those particular search engine lists. It wouldn't have to scan thousands, or tens of thousands, of pages to find its next target, Kramer says. The worm could just check the search engine's list of vulnerable sites, because every site on that list would be a good target.
Such lists are compiled by Google Inc., Yahoo Inc. and other leading search sites, Kramer says, and analysts agree that danger of their exploitation exists.
"The real difference that search engines bring is a new way that worms can find vulnerable systems," says John Pescatore, vice president for Internet security at Gartner Inc. "[Worms like] Code Red and Nimda just started pounding on the Internet, and you had time to react. The search engine attack is quieter, so worms can get further along without people noticing."
Access to a storehouse of such information could definitely speed up a worm, agrees Rob Enderle, principle analyst with The Enderle Group.
"The end result would be a much faster virus, one where the vulnerable sites [are] hit in the first wave, [the virus] creating massive damage long before the IT organization or virus protection companies can react," Enderle says. "Any place that aggregates information that could be used like this and then shares it would be an ideal place to start if you wanted to hit a lot of exposed sites at once."

No comment from sites
Representatives of the major search engines didn't want to comment on this technology or the likelihood that a worm could exploit information in this way.
Yahoo representatives declined to comment. A Google representative said, "Because of restrictions due to its quiet period, Google is unable to comment on this issue." However, a

Reprinted with permission from

For more PC news, visit PCWorld.com.
Story copyright 2009 PC World Communications. All rights reserved.