Latest Mydoom shows hackers using search engines for attacks
They're using them to find targets and spread worms
Computerworld - Last week's Mydoom worm variant is the latest example of how some hackers are using search engines to spread worms, find easily exploitable targets and unearth vulnerability information for launching attacks (see story).
The Mydoom.be @MM worm first discovered on Feb. 20 was a mass-mailing worm that used its own SMTP engine to send e-mails to addresses it gathered from compromised computers. The worm was also programmed to harvest e-mail addresses from search engines such as Google, AltaVista and Lycos and then use them to distribute itself further.
The worm was similar to last July's Mydoom-O variant, which flooded major search engines and briefly disrupted Google's availability with a similar automated e-mail address searching feature.
Last December's Sanity worm also used Google to search for and attack vulnerable systems by looking for certain specific text on Web sites powered by an open-source bulletin board package. Unlike Mydoom variants, which used the search engines only to harvest e-mail addresses, Sanity used search engines to actually find systems that could be attacked.
The appearance of such worms is an indication that Google hacking -- a term used to describe attacks involving the use of search engines -- is a potent threat, said George Kurtz, senior vice president of risk management at McAfee Inc.
"It's very likely we will see other worms do the same thing," said Graham Cluley, a senior technology consultant at security vendor Sophos PLC. "Search engines such as Google provide an extremely effective way" to gather information that can be used in attacks.
Companies might be surprised at the amount of information available using such search engines, Kurtz said. "It's all about coming up with the right search criteria. By crafting certain requests, you can pull back a lot of very specific information" that can reveal the existence of security flaws such as misconfigured servers, password files and vulnerable software.
The advanced search functions supported by today's popular Web search engines make it relatively easy for even novice hackers to scope out Web sites and gather vulnerability data from around the Internet, Kurtz said.
Google, like other search sites, allows users to restrict searches to specific Web sites and domains, to specific files within Web sites, and even to specific pieces of text within those files. Search engines also allow hackers to find out what Web server software version a company might be using, what its directory structure is and when a site was last updated.
By using the right search criteria, hackers can turn Google and other search engines into sophisticated scanning engines that can quickly