Could search sites spawn worms?

Worm attacks are bad enough by themselves, but some experts warn of an even more devastating variation: one that strikes at the application level instead of targeting network infrastructure, and spreads to Web sites through Web-based search engines.

Essentially, a smart worm could crawl into the data gathered by a search engine to identify the most vulnerable sites and target them, say some security experts and analysts.

List of victims

"Search engines basically crawl Web sites and all their links, and categorize them," says Shlomo Kramer, CEO and president of Imperva Inc., a Web application security company. Among the ways search site "bots" categorize sites is by their vulnerability.

"These vulnerabilities are indexed and saved in a very organized way, and are available for anybody to access," Kramer says.

A worm could contain code to seek out those particular search engine lists. It wouldn't have to scan thousands, or tens of thousands, of pages to find its next target, Kramer says. The worm could just check the search engine's list of vulnerable sites, because every site on that list would be a good target.

Such lists are compiled by Google Inc., Yahoo Inc., and other leading search sites, Kramer says, and analysts agree that danger of their exploitation exists.

"The real difference that search engines bring is a new way that worms can find vulnerable systems," says John Pescatore, vice president for Internet security at Gartner Inc. "(Worms like) Code Red and Nimda just started pounding on the Internet, and you had time to react. The search engine attack is quieter, so worms can get further along without people noticing."

Access to a storehouse of such information could definitely speed up a worm, agrees Rob Enderle, principle analyst with The Enderle Group.

"The end result would be a much faster virus, one where the vulnerable sites (are) hit in the first wave, (the virus) creating massive damage long before the IT organization or virus protection companies can react," Enderle says. "Any place that aggregates information that could be used like this and then shares it would be an ideal place to start if you wanted to hit a lot of exposed sites at once."

No comment from sites

Representatives of the major search engines did not want to comment on this technology or the likelihood that a worm could exploit information in this way.

Yahoo representatives declined to comment. A Google representative said, "Because of restrictions due to its quiet period, Google is unable to comment on this issue." However, a Google comment for this story was sought prior to the company's filing its intent for an initial public stock offering, and the company's response did not come until after its quiet period had begun.

Enderle suggests that most of the leading search sites maintain security of such information.

"The major engines are relatively secure, primarily to keep folks from hacking the sites," he says. "However, this data may be exposed to third-party applications and clients." He suspects that might be where security could be compromised and the information retrieved by a smart worm.

Slow starter, fast traveler

Fortunately, it would take a hacker with some serious coding knowledge to create a worm of this type.

"It requires more knowledge than the script kiddies have," Imperva's Kramer says, speaking of the inexperienced hackers who copy others' code rather than write their own. "But with a worm, a single person could anonymously attack many, many sites."

And unlike denial-of-service attacks that target specific sites, usually high-profile companies, these application-level attacks could target anyone, Kramer adds.

"You don't need to be a well-known company or bank to be attacked. The worms will go after anyone with an exposed application," he says.

While no such worms are yet known to be wriggling across the Net, plenty of application-level attacks have been performed manually.

"We recently did a penetration study on an online banking system. After 3 hours, we were able to transfer any amount of funds we wanted," Kramer says of a recent project for a client. "When we showed the company the results, we really had to convince them, because no alarms went off."

How to protect your site

The good news is that companies, in particular, can take several easy steps to keep their Web sites safe.

"Make sure that search engines don't index parts of your site that you don't want them to index," Gartner's Pescatore says. "There are different protocols that can keep the Googles of the world from going places you don't want them to go. It's a matter of good hygiene."

You can check search engines to find out what information they have about your company's site, too.

"It's good to know if there's anything embarrassing or dangerous on a search engine," Pescatore adds.

Also, some corporate firewall programs afford additional protection. Some are host-based, but others can run on your business network.

"Network-based products from companies like Imperva, Tipping Point (Technologies Inc.), Network Associates (Inc.), and others block access to the vulnerability," Pescatore says. "You don't need to see the attack first, you just need knowledge of the vulnerability. The host-based approaches block any worms from getting to your host, but you have to put (the program) on every single host."

Any product that blocks worms will work against application-level worms, however. "If you block access to the vulnerability, you block every form of attack, whether it found the vulnerability through a search engine, or (whether) it's just a 14-year-old kid trying to get in," he says.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Joel Strauch

PC World
Show Comments

Most Popular Reviews

Latest News Articles


PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?