This article was published on August 23, 2009

Google at risk from ‘Zombie Computers’


Google at risk from ‘Zombie Computers’
Google at risk from Botnets
Large search engines like Google and Bing could be at risk from being used by cybercriminals to transmit instructions to botnets, networks of malware-infected, compromised computers.
The theory goes that compromised computers could be programmed to use Google (or any search engine) to find a unique keyword. Then, whenever the botnet’s creator wanted to issue new instructions to the ‘zombie army’ of computers (to commence a Distributed Denial of Service Attack, for example) they would create a web page containing the unique keyword and encoded encoded instructions.
With Google now indexing new sites incredibly quickly, it wouldn’t take long for computers in the botnet to find the instructions and carry them out. Speaking to PC World, Vaclav Vincalek of Pacific Coast Information Systems says:
“If the botnet starts using Google for special keywords and finds the code and executes, you can start using Google as the transmission of the code or instructions to these botnets,”
“Basically, (the search engines) will do the dirty work.”
While it doesn’t appear this form of malicious communication is currently being used by any botnets, it can only be a matter of time before someone tries. It was recently discovered that specially-created Twitter accounts were being used to send instructions to botnets.Large search engines like Google and Bing could be at risk from being used by cybercriminals to transmit instructions to botnets, networks of malware-infected, compromised computers.

Toothless Zombie on Flickr - http://www.flickr.com/photos/ateofiel/292853829/teofiel/292853829/Large search engines like Google and Bing could be at risk from being used by cybercriminals to transmit instructions to botnets –  networks of malware-infected, compromised, ‘zombie’ computers.

The theory goes that compromised computers could be programmed to use Google (or any search engine) to find a unique keyword. Then, whenever the botnet’s creator wanted to issue new instructions to the ‘zombie army’ of computers (to to send spam email, for example) they would create a web page containing the unique keyword and encoded instructions.

With Google now indexing new sites incredibly quickly, it wouldn’t take long for computers in the botnet to find the instructions and carry them out. Speaking to PC World, Vaclav Vincalek of Pacific Coast Information Systems says:

“If the botnet starts using Google for special keywords and finds the code and executes, you can start using Google as the transmission of the code or instructions to these botnets.

“Basically, (the search engines) will do the dirty work.”

While it doesn’t appear that this form of malicious communication is currently being used by any botnets, it can only be a matter of time before it’s tried. It was recently discovered that specially-created Twitter accounts were being used to send instructions to botnets.

The <3 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

[Image: Ateo Fiel on Flickr]

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with