Google has removed malicious programs from its Google Code platform after Web firm zScaler said the company’s servers were being used to serve malicious code.
With its size and breadth, Google’s finding it harder than ever these days to live up to its founders pledge to “not be evil” – or, at least, not to aid those who are bent on being evil.
The latest example comes from Web security firm zScaler, which reported on its research blog Wednesday that it had discovered malicious programs being hosted and served from the Google Code Web site. A Google spokesman said that the company has removed the project hosting the malicious programs for violating its terms of service.
The response came after a warning from ZScaler researcher Umesh Wanve, who wrote on the zScaler research blog that the company’s Web crawling technology discovered malware including malicious downloader programs, Trojan horses, backdoor programs and password stealing key logging programs that target massively multi player online games like World of Warcraft. The malicious programs were undetectable by standard anti virus programs. Of those that were detectable, researchers noted a downloader program identified as Agent-IUW or Thed.B. One of the downloader programs was found to pull other components, also from the Google Code site.
Launched in 2005, Google Code is a free, Web based platform that provides tools and resources to developers interested in working on Google-related open source software projects or projects that leverage Google services. The company provides source code as well as tools such as APIs (Application Program Interfaces) for developer to use. The site is loosely managed and free – creating an ideal environment for malicious actors. Google claims it does scan the site for malicious programs and removes them when they are found.
“Google actively works to
protect our users from malware. Using Google Code, or any of our products, for
distribution or coordination of malware is a violation of our product policies,
and we will remove any projects discovered to be used for these purposes,” a Google spokesman responded in an e-mail message to Threatpost.com.
It is unclear how long the latest files have been hosted, but zScaler claims one executable dates to late June, 2010, creating the possibility that Google may have been hosting some or all of the malware for over two months. Google has not yet responded to questions about how long the malware was hosted on its servers.
This isn’t the first time that Google Code has been found hosting malicious code. Anti malware vendor McAfee discovered malicious programs on the site in early 2009.
Analyzer on
Last year (2009) I experienced a bug of some type that was not found by KIS2009, and basically necessitated the reformatting of two computers - after it was scrubbed by multiple antivirus software packages. I have stopped all game players from using any PC I have on the net. This is probably an extreme paranoid reaction, since the infections can come from the social networking sites (which I avoid, but my wife does not). I have found no perfect firewall, but KIS2010 has been very effective since my last, expensive experience. I have learned to keep important data off-line as much as possible as well as paying attention to backup and recovery procedures. I am alarmed at the extent of potential attacks and damage that can be inflicted on society in general. The most anyone could get from me is rather mundane research and contacts that are not too important, but I hate to be a victim. I also dislike the necessity of spending so much time and money to stop malicious activities.