Story image

Cybercrims ready to ride Google's Wave

12 Oct 09

A leading security company has warned that cybercriminals are ready to exploit Google’s latest technology.As interest in Google's Wave technology - the online giant's successor to old-fashioned email - peaks, so hackers and scammers will inevitably ride the coat tails of Wave Web searches and attempt to divert Internet users to malicious and infected sites, says Imperva, the data security specialist."Reports are already coming in of criminal hackers poisoning Google search results and you can expect similar scams to be pulled by hackers intent on routing Internet users to infected Web sites," said Amichai Shulman, Imperva's chief technology officer."This will almost certainly be achieved by hacking into large numbers of Web servers and injecting malware references into the system. The process will be automated using botnets, which will target SQL injection vulnerabilities in Web applications," he added.According to Shulman, the irony of this type of attack is that, in order to work out which servers to target, the hackers will probably use Google to search them out.The second stage of the attack methodology is to promote pages infected with malware by hacking into Web applications - which are mostly PHP-driven - and creating a revised index that includes link to the malware-infested pages.The problem facing the Internet industry, Shulman explains, is that, although companies tend to dismiss the chance of their applications being hacked due to a lack of public interest, this is not going to be the case with Google Wave search infections."Contemporary hacking campaigns are highly sophisticated and are engineered to select popular search terms on Google, and infect every possible related vulnerable target," he said."The net result of this is that, although Google itself is relatively impervious to hacking attacks, the weaknesses of ancillary Web search result supporting technologies makes it possible to subvert user clickthroughs to land on infected pages," he added.

MulteFire announces industrial IoT network specification
The specification aims to deliver robust wireless network capabilities for Industrial IoT and enterprises.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
Schneider Electric's bets for the 2019 data centre industry
From IT and telco merging to the renaissance of liquid cooling, here are the company's top predictions for the year ahead.
China to usurp Europe in becoming AI research world leader
A new study has found China is outpacing Europe and the US in terms of AI research output and growth.
Google says ‘circular economy’ needed for data centres
Google's Sustainability Officer believes major changes are critical in data centres to emulate the cyclical life of nature.
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.