informa
/
2 MIN READ
Commentary

Google Hosts More Malware Than Anyone Else

Security firm Sophos has been poking around the Internet on the hunt for malware and found out that Google's Blogger service is the world's No. 1 repository for the evil code. Some 2% of all malware can be found on Google's servers. Google, time to clean house.
Security firm Sophos has been poking around the Internet on the hunt for malware and found out that Google's Blogger service is the world's No. 1 repository for the evil code. Some 2% of all malware can be found on Google's servers. Google, time to clean house.Blogging services are rife with malware because just about anyone can set up a blog without having to provide positive identification. Sophos, which makes antivirus software, is constantly poking about for malware. Sophos finds a Web page with nasty code 12 times per minute, with 16,000 naughty Web pages discovered each day.

Sophos senior technology consultant Graham Cluley said, "Blogger accounts for around 2% of malware. It's head and shoulders above the rest of the blogging services. The attraction for the bad guys in targeting Blogger is that things pretty much get spidered instantly into Google, because Blogger is part of Google."

Sophos notes that hackers both set up malicious blogs on Blogger, and inject dangerous Web links and content into innocent blogs in the form of comments. The most-oft used form of attack is the SQL injection, which exploits security vulnerabilities and inserts malicious code into the database running a Web site. Companies whose Web sites have been struck by such an attack often clean up their database, only to be infected again a few hours later. Users who visit the affected Web sites risk having their computer taken over by hackers, and their personal banking information stolen by identity thieves.

Google isn't sitting idly by. It is doing its best to parse search results for malicious Web sites and keep them from being linked to. But the search isn't perfect. Sophos said it's a difficult job, at best.

Cluley said, "You could post a link into someone's blog and even if you checked that link at the time, it may be totally harmless. In 20 minutes time the hacker says 'OK, Google's now checked me, now I'll update the page'. So you have to continually scan all of the links on all of the blog pages to do this properly. Which basically is another whole new Google, re-spidering the Web to check if there's something malicious there."

The good news is that Google, Sophos, and others are doing their best to prevent malware from spreading.

Editor's Choice
Samuel Greengard, Contributing Reporter
Cynthia Harvey, Freelance Journalist, InformationWeek
Carrie Pallardy, Contributing Reporter
John Edwards, Technology Journalist & Author
Astrid Gobardhan, Data Privacy Officer, VFS Global
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing