Latest Mydoom shows hackers using search engines for attacks
They're using them to find targets and spread worms
Computerworld - Last week's Mydoom worm variant is the latest example of how some hackers are using search engines to spread worms, find easily exploitable targets and unearth vulnerability information for launching attacks (see story).
The Mydoom.be @MM worm first discovered on Feb. 20 was a mass-mailing worm that used its own SMTP engine to send e-mails to addresses it gathered from compromised computers. The worm was also programmed to harvest e-mail addresses from search engines such as Google, AltaVista and Lycos and then use them to distribute itself further.
The worm was similar to last July's Mydoom-O variant, which flooded major search engines and briefly disrupted Google's availability with a similar automated e-mail address searching feature.
Last December's Sanity worm also used Google to search for and attack vulnerable systems by looking for certain specific text on Web sites powered by an open-source bulletin board package. Unlike Mydoom variants, which used the search engines only to harvest e-mail addresses, Sanity used search engines to actually find systems that could be attacked.
The appearance of such worms is an indication that Google hacking -- a term used to describe attacks involving the use of search engines -- is a potent threat, said George Kurtz, senior vice president of risk management at McAfee Inc.
"It's very likely we will see other worms do the same thing," said Graham Cluley, a senior technology consultant at security vendor Sophos PLC. "Search engines such as Google provide an extremely effective way" to gather information that can be used in attacks.
Companies might be surprised at the amount of information available using such search engines, Kurtz said. "It's all about coming up with the right search criteria. By crafting certain requests, you can pull back a lot of very specific information" that can reveal the existence of security flaws such as misconfigured servers, password files and vulnerable software.
The advanced search functions supported by today's popular Web search engines make it relatively easy for even novice hackers to scope out Web sites and gather vulnerability data from around the Internet, Kurtz said.
Google, like other search sites, allows users to restrict searches to specific Web sites and domains, to specific files within Web sites, and even to specific pieces of text within those files. Search engines also allow hackers to find out what Web server software version a company might be using, what its directory structure is and when a site was last updated.
By using the right search criteria, hackers can turn Google and other search engines into sophisticated scanning engines that can quickly