Could search sites spawn worms?

Worm attacks are bad enough by themselves, but some experts warn of an even more devastating variation: one that strikes at the application level instead of targeting network infrastructure, and spreads to Web sites through Web-based search engines.

Essentially, a smart worm could crawl into the data gathered by a search engine to identify the most vulnerable sites and target them, say some security experts and analysts.

List of victims

"Search engines basically crawl Web sites and all their links, and categorize them," says Shlomo Kramer, CEO and president of Imperva Inc., a Web application security company. Among the ways search site "bots" categorize sites is by their vulnerability.

"These vulnerabilities are indexed and saved in a very organized way, and are available for anybody to access," Kramer says.

A worm could contain code to seek out those particular search engine lists. It wouldn't have to scan thousands, or tens of thousands, of pages to find its next target, Kramer says. The worm could just check the search engine's list of vulnerable sites, because every site on that list would be a good target.

Such lists are compiled by Google Inc., Yahoo Inc., and other leading search sites, Kramer says, and analysts agree that danger of their exploitation exists.

"The real difference that search engines bring is a new way that worms can find vulnerable systems," says John Pescatore, vice president for Internet security at Gartner Inc. "(Worms like) Code Red and Nimda just started pounding on the Internet, and you had time to react. The search engine attack is quieter, so worms can get further along without people noticing."

Access to a storehouse of such information could definitely speed up a worm, agrees Rob Enderle, principle analyst with The Enderle Group.

"The end result would be a much faster virus, one where the vulnerable sites (are) hit in the first wave, (the virus) creating massive damage long before the IT organization or virus protection companies can react," Enderle says. "Any place that aggregates information that could be used like this and then shares it would be an ideal place to start if you wanted to hit a lot of exposed sites at once."

No comment from sites

Representatives of the major search engines did not want to comment on this technology or the likelihood that a worm could exploit information in this way.

Yahoo representatives declined to comment. A Google representative said, "Because of restrictions due to its quiet period, Google is unable to comment on this issue." However, a Google comment for this story was sought prior to the company's filing its intent for an initial public stock offering, and the company's response did not come until after its quiet period had begun.

Enderle suggests that most of the leading search sites maintain security of such information.

"The major engines are relatively secure, primarily to keep folks from hacking the sites," he says. "However, this data may be exposed to third-party applications and clients." He suspects that might be where security could be compromised and the information retrieved by a smart worm.

Slow starter, fast traveler

Fortunately, it would take a hacker with some serious coding knowledge to create a worm of this type.

"It requires more knowledge than the script kiddies have," Imperva's Kramer says, speaking of the inexperienced hackers who copy others' code rather than write their own. "But with a worm, a single person could anonymously attack many, many sites."

And unlike denial-of-service attacks that target specific sites, usually high-profile companies, these application-level attacks could target anyone, Kramer adds.

"You don't need to be a well-known company or bank to be attacked. The worms will go after anyone with an exposed application," he says.

While no such worms are yet known to be wriggling across the Net, plenty of application-level attacks have been performed manually.

"We recently did a penetration study on an online banking system. After 3 hours, we were able to transfer any amount of funds we wanted," Kramer says of a recent project for a client. "When we showed the company the results, we really had to convince them, because no alarms went off."

How to protect your site

The good news is that companies, in particular, can take several easy steps to keep their Web sites safe.

"Make sure that search engines don't index parts of your site that you don't want them to index," Gartner's Pescatore says. "There are different protocols that can keep the Googles of the world from going places you don't want them to go. It's a matter of good hygiene."

You can check search engines to find out what information they have about your company's site, too.

"It's good to know if there's anything embarrassing or dangerous on a search engine," Pescatore adds.

Also, some corporate firewall programs afford additional protection. Some are host-based, but others can run on your business network.

"Network-based products from companies like Imperva, Tipping Point (Technologies Inc.), Network Associates (Inc.), and others block access to the vulnerability," Pescatore says. "You don't need to see the attack first, you just need knowledge of the vulnerability. The host-based approaches block any worms from getting to your host, but you have to put (the program) on every single host."

Any product that blocks worms will work against application-level worms, however. "If you block access to the vulnerability, you block every form of attack, whether it found the vulnerability through a search engine, or (whether) it's just a 14-year-old kid trying to get in," he says.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Joel Strauch

PC World
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?