Related Links

  • Google Wave
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Related Stories

  • Swiss watchdog takes aim at Google Street View
    Google Street View, the rapidly expanding interactive mapping service from Google which allows internet users to view images of a road or street that have been taken by a roving camera van, is potentially under fire from the Swiss data protection commission on the privacy and security front.
  • Twitter company files leaked in Cloud Computing security failure
    Twitter has once again been hit by a lapse of security, this time with a hacker posting a set of internal company documents from the Twitter site and service, lifted from the GoogleApps online data sharing and collaboration system.

Top 5 Stories


Cybercriminals set to ride Google's Wave

08 October 2009

As interest in Google's Wave technology peaks, hackers and scammers will inevitably ride the coat tails of Wave web searches and attempt to divert internet users to malicious and infected sites, according to a data security consultancy firm.

Google's Wave technology, which was announced at the company's I/O conference in May, is billed as a the successor to email.

The online technology - which also supports limited offline functionality - is said to merge email, instant messaging, wiki and social networking technology into an interactive multi-user conferencing system that does not operate in real time.

The service, which was released to 100 000 beta test users at the start of this month, is already generating headlines and, says Amichai Shulman, CTO of Imperva, the data security consultancy, will attract the interests of malware developers.

"Reports are already coming in of criminal hackers poisoning Google search results and you can expect similar scams to be pulled by hackers intent on routing internet users to infected websites," he said.

"This will almost certainly be achieved by hacking into large numbers of web servers and injecting malware references into the system. The process will be automated using botnets, which will target SQL injection vulnerabilities in web applications".

According to Shulman, the irony of this attack scenario is that, in order to deduce which servers to target, the hackers will probably use Google to search them out.

The second stage of the attack methodology, he explained, is to promote pages infected with malware by hacking into web applications - which are mostly PHP-driven - and creating a revised index that includes link to the malware-infested pages.

The problem facing the internet industry, he went on to say, is that although companies tend to dismiss the chance of their applications being hacked due to a lack of public interest, this is not going to be the case with Google Wave search infections.

"Contemporary hacking campaigns are highly sophisticated and are engineered to select popular search terms on Google, and infect every possible related vulnerable target", he said.

"The net result of this is that although Google itself is relatively impervious to hacking attacks, the weaknesses of ancillary web search result supporting technologies makes it possible to subvert user clickthroughs to land on infected pages," he added.

This article is featured in:
Internet and Network Security  •  Malware and Hardware Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×