Malware developers target Google Code

 

Gallery

Posted on 12 Jan 2009 at 10:58

Google's code hosting site is being used to spread malware, according to a McAfee security researcher.

The Google Code site is intended as a resource for developers to host and consult on new projects and code.

However, researchers at McAfee's Avert Labs have discovered that among the legitimate links, spammers are hosting fake videos which when clicked entice users to download a missing codec. Those that do, immediately download a Trojan which can be used to harvest passwords from the infected machine.

The researchers noted a similar issue on the MSN Spaces site around a year ago, but say this issue is far more serious.

"The difference between this and the MSN Spaces abuse that is now about a year old is that Google appears to automatically index code projects, so any Google-Jedi can generate a good list," says Dave Marcus, director of security research for McAfee Avert Labs on the company blogs.

Google says it will continue to work hard to remove malware from Google Code: "Google works hard to protect our users from malware. Using Project Hosting on Google Code, or any Google product, to serve or host malware is a violation of our product policies."

"Using automated tools, we actively work to detect and remove sites that serve malware from our network. We have removed many of these projects from Google Code and from our search results. Additionally, we'll continue to explore new ways to identify and eliminate such content."

Author: Stuart Turton