Google Code Discovered Serving Malware

Google has removed malicious programs from its Google Code platform after Web firm zScaler said the company’s servers were being used to serve malicious code.

With its size and breadth, Google’s finding it harder than ever these days to live up to its founders’ pledge to “not be evil” – or, at least, not to aid those who are bent on being evil.

The latest example comes from Web security firm zScaler, which reported on its research blog Wednesday that it had discovered malicious programs being hosted and served from the Google Code Web site. A Google spokesman said that the company has removed the project hosting the malicious programs for violating its terms of service. 

The response came after a warning from zScaler researcher Umesh Wanve, who wrote on the zScaler research blog that the company’s Web crawling technology discovered malware including malicious downloader programs, Trojan horses, backdoor programs and password-stealing keylogging programs that target massively multiplayer online games like World of Warcraft. The malicious programs were undetectable by standard antivirus programs. Of those that were detectable, researchers noted a downloader program identified as Agent-IUW or Thed.B. One of the downloader programs was found to pull other components, also from the Google Code site.

Launched in 2005, Google Code is a free, Web-based platform that provides tools and resources to developers interested in working on Google-related open source software projects or projects that leverage Google services. The company provides source code as well as tools such as APIs (Application Program Interfaces) for developers to use. The site is loosely managed and free – creating an ideal environment for malicious actors. Google claims it does scan the site for malicious programs and removes them when they are found.

“Google actively works to protect our users from malware. Using Google Code, or any of our products, for distribution or coordination of malware is a violation of our product policies, and we will remove any projects discovered to be used for these purposes,” a Google spokesman responded in an e-mail message to Threatpost.com.

It is unclear how long the latest files have been hosted, but zScaler claims one executable dates to late June, 2010, creating the possibility that Google may have been hosting some or all of the malware for over two months. Google has not yet responded to questions about how long the malware was hosted on its servers.

This isn’t the first time that Google Code has been found hosting malicious code. Anti-malware vendor McAfee discovered malicious programs on the site in early 2009.
