BreachExchange mailing list archives

Google Code fast becoming hackers' malware mule


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 23 Aug 2013 18:32:52 -0600

http://www.v3.co.uk/v3-uk/news/2289683/google-code-fast-becoming-hackers-malware-mule

A second cyber attack that hides malware in Google Code has been
found, according to Zscaler researchers.

Zscaler's Pradeep Kulkarni reported finding the malware, claiming in a
public blog post that attackers are targeting vulnerabilities in
Google's validation procedures. "Recently we blogged about Google Code
hosting malware. Within a month we have observed a second instance
where malicious .jar files are being hosted on Google Code," said
Kulkarni.

"Using Google code to distribute malware seems to be increasing in
popularity, no doubt due not only to the free hosting provided, but
also to the positive reputation of the Google.com domain. This
indicates that there is presently inadequate validation performed by
Google prior to content being uploaded to the Google Code site."

The original Google Code attack was uncovered by Zscaler
ThreatLabZ security researcher Chris Mannon at the start of August.
Unlike the first incident, Kulkarni said the second outbreak hides
malware on the hxxp://update-java.googlecode.com and
hxxps://code.google.com/p/update-java URLs. He said that, while
troubling, the architecture of the attack indicates that the hackers'
only goal is to store malware in Google Code.

"The two projects are hosted on 'code.google.com' by the same uploader
who has an email ID of 'daicadad... () gmail com'. The second project is
also currently live (hosted at
"hxxp://code.google.com/p/update-java-download") and contains the same
'Client.jar' file. You will note that other links within the projects
like Project Home, Wiki and Issues contain minimal information about
the project, suggesting that malware-hosting was the only goal," he
wrote.

Kulkarni noted that the malware has likely been hiding in Google Code
for some time, predicting that the number of attacks targeting the
platform will continue until the company adds more robust security.

"In the past, we have seen sites such as Dropbox, Google Code and
other free hosting providers being leveraged to deliver malware. Free
hosting providers, especially those with a positive reputation, are
becoming popular for attackers to serve malicious content. Enterprises
and end users alike should consider any third-party content,
regardless of location, to be untrusted until it has been
appropriately scanned," he wrote.

Zscaler is one of many companies to criticise Google's security
protocols. Independent security researcher Elliott Kember came to
blows with the company earlier this month over how Google's Chrome
browser stores passwords.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/