Daily cyber threats and internet security news: network security, online safety and latest security alerts
January 9th, 2009

Google Code Project Abused By Spam And Malware

Cybercrimianls have begun abusing Google code hosting projects to distribute malware. Google’s code-hosting project is the latest free service to be abused as the assault follows a bout of the same kind of abuse against Microsoft’s comparable MSN Spaces beta site dating back a year.

According to McAfee, clicking the image will take visitors to a fake codec download site. Repeated clicks will redirect to an adult site.

McAfee researcher Chris Barton explains how “new projects” on Google code offering illicit thrills redirect users to fake codec download sites and mucky video havens: “The difference between this and the MSN Spaces abuse that now about a year old is that Google appears to automatically index code projects,” Barton explains.

Barton, who points to an incident of continued abuse on MSN Spaces beta (specially a rogue “project” that links to a penis pill site), hopes Google is more proactive in cleaning up its act. He offers a few preliminary suggestions on how the problem might be nipped in the bud, or at least mitigated against.

“I trust Google would like to appear less evil and will take more decisive action. I’d suggest mashing code and safe browsing together but it appears not to find anything wrong with the clickable links, though it did catch on after some redirection took place.”

Share this item with others:

More on CyberInsecure:
  • Google Docs Abused In Latest Spam Technique
  • Microsoft’s CAPTCHA Under Spammers Attack Again
  • Late Valentine E-cards By Storm Trojan
  • Number Of Infected PDF Files On The Rise, .RU Most Abused By Malware Hosters
  • Cross-Site Scripting Vulnerability On Helps Malware Spam Distributors

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Google Code Project Abused By Spam And Malware

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.