Commentary
Google Hosts More Malware Than Anyone Else
Security firm Sophos has been poking around the Internet on the hunt for malware and found out that Google's Blogger service is the world's No. 1 repository for the evil code. Some 2% of all malware can be found on Google's servers. Google, time to clean house.Security firm Sophos has been poking around the Internet on the hunt for malware and found out that Google's Blogger service is the world's No. 1 repository for the evil code. Some 2% of all malware can be found on Google's servers. Google, time to clean house.Blogging services are rife with malware because just about anyone can set up a blog without having to provide positive identification. Sophos, which makes antivirus software, is constantly poking about for malware. Sophos finds a Web page with nasty code 12 times per minute, with 16,000 naughty Web pages discovered each day.
Sophos senior technology consultant Graham Cluley said, "Blogger accounts for around 2% of malware. It's head and shoulders above the rest of the blogging services. The attraction for the bad guys in targeting Blogger is that things pretty much get spidered instantly into Google, because Blogger is part of Google."
More Internet Insights
White Papers
- Creating the Enterprise-Class Tablet Environment - by Yankee Group
- How To Regain IT Control In An Increasingly Mobile World - by BlackBerry
Reports
- How Google+, Facebook Impact Corporate Strategy: Social Media and IT at a Crossroads
- Strategy: Enterprise Social Network Buyer's Guide
Webcasts
- Maximize ROI with Database Consolidation onto Private Clouds
- Outsourcing Security: What Every Potential Cloud Security Customer Should Know
Sophos notes that hackers both set up malicious blogs on Blogger, and inject dangerous Web links and content into innocent blogs in the form of comments. The most-oft used form of attack is the SQL injection, which exploits security vulnerabilities and inserts malicious code into the database running a Web site. Companies whose Web sites have been struck by such an attack often clean up their database, only to be infected again a few hours later. Users who visit the affected Web sites risk having their computer taken over by hackers, and their personal banking information stolen by identity thieves.
Google isn't sitting idly by. It is doing its best to parse search results for malicious Web sites and keep them from being linked to. But the search isn't perfect. Sophos said it's a difficult job, at best.
Cluley said, "You could post a link into someone's blog and even if you checked that link at the time, it may be totally harmless. In 20 minutes time the hacker says 'OK, Google's now checked me, now I'll update the page'. So you have to continually scan all of the links on all of the blog pages to do this properly. Which basically is another whole new Google, re-spidering the Web to check if there's something malicious there."
The good news is that Google, Sophos, and others are doing their best to prevent malware from spreading.
Related Reading
 |
To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. |
|
T-Shirt Giveaway: Each week we're selecting one great comment from our readers. The author of the comment will receive an InformaitonWeek Community t-shirt. So get posting! |
Subscribe to RSSResource Links
This Week's Issue
Technology Whitepapers
- Mobile BI: Actionable Intelligence for the Agile Enterprise
- Creating the Enterprise-Class Tablet Environment - by Yankee Group
- How To Regain IT Control In An Increasingly Mobile World - by BlackBerry
- Red Alert: Why Tablet Security Matters - by BlackBerry
- New Visual and Wizard-Driven Paradigms for Exploring Data and Developing Analytic Workflows
Featured Resource
Download this whitepaper and find out how to easily manage web content by categorizing it into a discrete number of categories.
Learn More
