Latest Mydoom shows hackers using search engines for attacks
They're using them to find targets and spread worms
Computerworld - Last week's Mydoom worm variant is the latest example of how some hackers are using search engines to spread worms, find easily exploitable targets and unearth vulnerability information for launching attacks (see story).
The Mydoom.be @MM worm first discovered on Feb. 20 was a mass-mailing worm that used its own SMTP engine to send e-mails to addresses it gathered from compromised computers. The worm was also programmed to harvest e-mail addresses from search engines such as Google, AltaVista and Lycos and then use them to distribute itself further.
The worm was similar to last July's Mydoom-O variant, which flooded major search engines and briefly disrupted Google's availability with a similar automated e-mail address searching feature.
Last December's Sanity worm also used Google to search for and attack vulnerable systems by looking for certain specific text on Web sites powered by an open-source bulletin board package. Unlike Mydoom variants, which used the search engines only to harvest e-mail addresses, Sanity used search engines to actually find systems that could be attacked.
The appearance of such worms is an indication that Google hacking -- a term used to describe attacks involving the use of search engines -- is a potent threat, said George Kurtz, senior vice president of risk management at McAfee Inc.
"It's very likely we will see other worms do the same thing," said Graham Cluley, a senior technology consultant at security vendor Sophos PLC. "Search engines such as Google provide an extremely effective way" to gather information that can be used in attacks.
Companies might be surprised at the amount of information available using such search engines, Kurtz said. "It's all about coming up with the right search criteria. By crafting certain requests, you can pull back a lot of very specific information" that can reveal the existence of security flaws such as misconfigured servers, password files and vulnerable software.
The advanced search functions supported by today's popular Web search engines make it relatively easy for even novice hackers to scope out Web sites and gather vulnerability data from around the Internet, Kurtz said.
Google, like other search sites, allows users to restrict searches to specific Web sites and domains, to specific files within Web sites, and even to specific pieces of text within those files. Search engines also allow hackers to find out what Web server software version a company might be using, what its directory structure is and when a site was last updated.
By using the right search criteria, hackers can turn Google and other search engines into sophisticated scanning engines that can quickly