Cyber criminals already beginning to ride Google’s Wave

6 Oct 2009

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Hackers and scammers are inevitably going to ride Google’s Wave technology, which purports to be the successor of traditional email, and will try and divert users to malicious and infected sites.

Data security specialist Imperva said reports are already coming in of hackers poisoning Google search results.

“You can expect similar scams to be pulled by hackers intent on routing internet users to infected websites,” said Amichai Shulman, Imperva’s chief technology officer.

“This will almost certainly be achieved by hacking into large numbers of web servers and injecting malware references into the system. The process will be automated using botnets, which will target SQL injection vulnerabilities in web applications,” he added.

According to Shulman, the irony of this type of attack is that, in order to work out which servers to target, the hackers will probably use Google to search them out.

The second stage of the attack methodology, he explained, is to promote pages infected with malware by hacking into web applications – which are mostly PHP-driven – and creating a revised index that includes links to the malware-infested pages.

The problem facing the internet industry, he explained, is that, although companies tend to dismiss the chance of their applications being hacked due to a lack of public interest, this is not going to be the case with Google Wave search infections.

“Contemporary hacking campaigns are highly sophisticated and are engineered to select popular search terms on Google, and infect every possible related vulnerable target,” Shulman said.

“The net result of this is that, although Google itself is relatively impervious to hacking attacks, the weaknesses of ancillary web search-result supporting technologies makes it possible to subvert user clickthroughs to land on infected pages,” Shulman added.

By John Kennedy

Photo: Reports are already coming in of hackers poisoning Google Wave search results, data security specialist Imperva has said.

Editor John Kennedy is an award-winning technology journalist.

editorial@siliconrepublic.com