
Latest Mydoom shows hackers using search engines for attacks

They're using them to find targets and spread worms

February 22, 2005 12:00 PM ET

Computerworld - Last week's Mydoom worm variant is the latest example of how some hackers are using search engines to spread worms, find easily exploitable targets and unearth vulnerability information for launching attacks (see story).
The @MM worm first discovered on Feb. 20 was a mass-mailing worm that used its own SMTP engine to send e-mails to addresses it gathered from compromised computers. The worm was also programmed to harvest e-mail addresses from search engines such as Google, AltaVista and Lycos and then use them to distribute itself further.
The worm was similar to last July's Mydoom-O variant, which flooded major search engines and briefly disrupted Google's availability with a similar automated e-mail address searching feature.
Last December's Sanity worm also used Google to search for and attack vulnerable systems by looking for certain specific text on Web sites powered by an open-source bulletin board package. Unlike Mydoom variants, which used the search engines only to harvest e-mail addresses, Sanity used search engines to actually find systems that could be attacked.
The appearance of such worms is an indication that Google hacking -- a term used to describe attacks involving the use of search engines -- is a potent threat, said George Kurtz, senior vice president of risk management at McAfee Inc.
"It's very likely we will see other worms do the same thing," said Graham Cluley, a senior technology consultant at security vendor Sophos PLC. "Search engines such as Google provide an extremely effective way" to gather information that can be used in attacks.
Companies might be surprised at the amount of information available using such search engines, Kurtz said. "It's all about coming up with the right search criteria. By crafting certain requests, you can pull back a lot of very specific information" that can reveal the existence of security flaws such as misconfigured servers, password files and vulnerable software.
The advanced search functions supported by today's popular Web search engines make it relatively easy for even novice hackers to scope out Web sites and gather vulnerability data from around the Internet, Kurtz said.
Google, like other search sites, allows users to restrict searches to specific Web sites and domains, to specific files within Web sites, and even to specific pieces of text within those files. Search engines also allow hackers to find out what Web server software version a company might be using, what its directory structure is and when a site was last updated.
By using the right search criteria, hackers can turn Google and other search engines into sophisticated scanning engines that can quickly
