PDA

View Full Version : New Google Security Risk!


myrmaad
01-04-08, 10:39
Google searchers could end up with a new type of bug (http://www.usatoday.com/money/industries/technology/2008-03-31-javascript-hackers_N.htm)

By Byron Acohido and Jon Swartz, USA TODAY
Cybercrooks are manipulating the computer code used to put the pizazz in millions of websites in hopes of taking over unsuspecting consumers' PCs.
The vulnerability occurs when someone does a Google search, then clicks on a result that has been secretly tainted by hackers. They will usually be taken to the Web page they expect. But at the same time, they are invisibly redirected to a computer server that installs a hidden program.
This program enables hackers to use the PC to spread spam and carry out scams. Typically, it also lets the attacker embed a keystroke logger, which collects and transmits your passwords and any other sensitive data you type online.


Any website indexed by Google (GOOG) (http://stocks.usatoday.com/custom/usatoday-com/html-quote.asp?symb=goog) that fails to carefully handle JavaScript the coding that activates many cool Web features, such as changing the color of a button when someone mouses over it is a potential target. That's seven in 10 sites, says tech security firm WhiteHat Security. Hackers have discovered ways to trick the website application to run malicious JavaScripts.


"We're in a phase where one or two smart guys are attacking a few dozen major websites," says David Dewey, manager of IBM's X-Force security division. "In the next few weeks I would expect to see copycats attacking hundreds of high-profile websites."


Attackers have secretly corrupted Google results that direct traffic to Wired, CNet, TV.com, USATODAY.com, ZDNet Asia, History.com and many universities, says Dancho Danchev, a Netherlands-based security researcher, and Finjan Software, an Israeli security firm.


Most Google search results are safe. But in March alone Dewey and other security researchers found several hundred thousand corrupted Web pages returned in common Google search queries. They fear crime groups have just begun to take advantage.


Google issued a statement saying it is helping affected websites fix the problem and is also developing new tools "to detect and block" malicious Web pages.


Security experts say consumers can protect themselves by keeping anti-virus subscriptions and software updates current. Running an anti-virus scan may help repair infected PCs, although more serious fixes may be necessary.
Spokespeople for USATODAY.com and Wired said each blocked the attacks as soon as they were discovered. CNet, owner of TV.com and ZDNet Asia, declined to comment. History.com did not respond to queries.


"It should be the responsibility of the website operators to stop exposing people to risk as soon as possible," says Billy Hoffman, a security researcher at Hewlett-Packard. Gail Hillebrand, senior attorney at Consumers Union, agrees.


Attackers have taken advantage of JavaScript before, but usually on individual sites. The search engine trick which has been focused on Google, though it could work on Yahoo and MSN search engines is new, Danchev says.


Attackers are thrilled "to capture even a small percent of the traffic" of a big site, Finjan's Yuval Ben-Itzhak says.

rowanlim
01-04-08, 11:05
Awwww man...Google is my favorite search engine...Does it mean I can't use it anymore? :(

TheStoryteller
01-04-08, 11:08
April Foooooooools :D

myrmaad
01-04-08, 11:09
You have to be careful of Javascript. Which browser are you using? If you use Firefox you can get an Addon called "NoScript"; I've been using it for months and months maybe a year.

http://noscript.net/

myrmaad
01-04-08, 11:16
April Foooooooools :D

Not so.

http://www.channelregister.co.uk/2008/03/06/googe_iframe_piggybacking/
http://www.vnunet.com/vnunet/news/2213090/search-engine-attack-lingers
http://www.itbusinessedge.com/blogs/top/?p=306
http://www.editorsweblog.org/web_20/2008/04/us_usa_today_among_websites_targeted_by.php

TheStoryteller
01-04-08, 11:41
Not so.

http://www.channelregister.co.uk/2008/03/06/googe_iframe_piggybacking/
http://www.vnunet.com/vnunet/news/2213090/search-engine-attack-lingers
http://www.itbusinessedge.com/blogs/top/?p=306
http://www.editorsweblog.org/web_20/2008/04/us_usa_today_among_websites_targeted_by.php

the first link is dated 06.03. but theres that suspicious updated visible.

the next 2 are dated 31.03/01.04.

the last had my browser crashed twice in a row. very funny.

doesn't the line "Independent security consultant Dancho Danchev" in the 3rd link ring a bell? :vlol:

myrmaad
01-04-08, 11:55
Story ran on my local newscast this morning, and I used the search term "Danchev". What's wrong with Independent researchers?

EgyptianSoul
01-04-08, 12:08
Another new annoyance. :rolleyes: Well gotta be careful always.

Larapink
01-04-08, 12:10
Another new annoyance. :rolleyes: Well gotta be careful always.
Agreed.

Punaxe
01-04-08, 17:19
Actually, Google checks all sites it indexes for such hacks and malware and displays a warning when a site does not live up to its security standards.


If you stil don't feel safe though, I can recommend Opera (http://www.opera.com/) which is the safest browser available :tmb:

You have to be careful of Javascript. Which browser are you using? If you use Firefox you can get an Addon called "NoScript"; I've been using it for months and months maybe a year.

http://noscript.net/

This, among almost every other most-used Firefox addon, is a standard feature of Opera.

myrmaad
01-04-08, 17:22
It's a standard feature of I.E. and Firefox, too, the addon is the souped up version. Once you install it, it's on...

Geck-o-Lizard
01-04-08, 17:25
Um, Firefox allows you to disable Javascript right from the beginning. :confused:

myrmaad
01-04-08, 17:29
http://www.tombraiderforums.com/showpost.php?p=2606900&postcount=11

Cochrane
01-04-08, 20:37
So they use the site's search to add XSS and then use Google's URL cache to make it sticky. Sneaky. If it wasn't being used for malicious purposes I would have said it was a very cool thing, actually.

The lesson of the day for all web developers: All that comes from clients has to be checked before doing anything with it. I got to keep that in mind when I ever do something with PHP again.

croft94
01-04-08, 20:44
Damn! stupid hackers, cant hey get a life?

Cochrane
01-04-08, 20:46
Damn! stupid hackers, cant hey get a life?

They have. Hacking pays well, sadly. The only way to stop them is to change that.

thecentaur
01-04-08, 20:49
there are tons more [and better] alternatives to google, eg, vivisimo, cactisearch, etc. we learned about these in school :o i use metasearch engines more than google.

Drone
01-04-08, 20:49
Damn! stupid hackers, cant hey get a life?

Hackers have vices but they're definitely not stupid ;)

Cochrane
01-04-08, 20:50
there are tons more [and better] alternatives to google, eg, vivisimo, cactisearch, etc. we learned about these in school :o i use metasearch engines more than google.

Metacrawlers won't protect you from this attack.

thiagosmr
01-04-08, 21:02
Just have to use a good antivirus and firewall!!! That will solve it!

Sir Croft
05-04-08, 02:32
Installed NoScript, when will Google fix this bug then? =P

ben croft
05-04-08, 03:47
We are talking about Internet... expect everything... :D

Cochrane
05-04-08, 09:27
Installed NoScript, when will Google fix this bug then? =P

It's not a bug in Google. It's a bug in third-party websites that can be exploited using Google.

Sir Croft
05-04-08, 16:22
Oh, I get it now. :p