Large search engines like Google and Bing could be at risk from being used by cybercriminals to transmit instructions to botnets – networks of malware-infected, compromised, ‘zombie’ computers.
The theory goes that compromised computers could be programmed to use Google (or any search engine) to find a unique keyword. Then, whenever the botnet’s creator wanted to issue new instructions to the ‘zombie army’ of computers (to to send spam email, for example) they would create a web page containing the unique keyword and encoded instructions.
With Google now indexing new sites incredibly quickly, it wouldn’t take long for computers in the botnet to find the instructions and carry them out. Speaking to PC World, Vaclav Vincalek of Pacific Coast Information Systems says:
“If the botnet starts using Google for special keywords and finds the code and executes, you can start using Google as the transmission of the code or instructions to these botnets.
“Basically, (the search engines) will do the dirty work.”
While it doesn’t appear that this form of malicious communication is currently being used by any botnets, it can only be a matter of time before it’s tried. It was recently discovered that specially-created Twitter accounts were being used to send instructions to botnets.
[Image: Ateo Fiel on Flickr]