• On TechRepublic: Five super-secret features in Windows 7
advertisementGet Smart about Business Spending
January 9, 2009 5:18 PM PST

McAfee: Google developer site being used to distribute malware

by Elinor Mills

Google's free code-hosting Web site for developers is being used to distribute malware, a security researcher said on Friday.

Google Code is a place where programmers can host projects and code. Along with the legitimate code are links to fake videos that direct users to download a missing codec, said Dave Marcus, director of security research for McAfee Avert Labs. The codecs turn out instead to be password-stealing Trojan horses and programs geared toward stealing financial information for identity fraud, he said.

"They're using it as a way to send out links or as a place to house their links and redirects because it's Google and obviously it gets highly ranked in the index," he said. "The bad guys look for services like this as a way to push out code."

A Google spokesman said the company has removed malware-distributing projects from Google Code and search results.

"Google works hard to protect our users from malware. Using Project Hosting on Google Code, or any Google product, to serve or host malware is a violation of our product policies," the spokesman said in a statement. "Using automated tools, we actively work to detect and remove sites that serve malware from our network. We have removed many of these projects from Google Code and from our search results. Additionally, we'll continue to explore new ways to identify and eliminate such content."

The problem is similar to one that was found to be plaguing Microsoft's MSN Spaces site a year ago and continues to occur there, according to a McAfee Avert Labs blog posting.

Fake sex videos are being used to entice people to download Trojans on Google Code, McAfee says.

(Credit: McAfee)
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
Topics:

Vulnerabilities & attacks

Tags:

Google,

security,

malware,

Google Code,

Trojan

Share:
Digg
Del.icio.us
Reddit
advertisement
Click here!
Recent posts from Security
Microsoft to fix holes in Windows, Office
Google privacy controls: Most people won't care
Zero-day flaw found in Web encryption
Mac Game: Art project or malware?
Corporate bank accounts targeted in online fraud
Hacker breaks into jailbroken iPhones, asks for $7
Malwarebytes accuses rival of software theft
Security firm M86 acquires Finjan
Related
Phishing, worms spike this year, say Microsoft and McAfee
Fake Facebook e-mail contains Trojan
Mac Game: Art project or malware?
Week in review: Motorola, Verizon ready the Droid
Malwarebytes accuses rival of software theft
Critical Windows 7 holes fixed in record Patch Tuesday
Adobe exploit puts backdoor on computers
New Trojan encrypts files but leaves no ransom note
Add a Comment (Log in or register) (3 Comments)
  • prev
  • 1
  • next
by shootthecops January 9, 2009 7:00 PM PST
it's good to see google has commented on the mistake rather than simply try to hush it up.

that said, "live free sex movie" seems like something targeted at an uneducated person, who doesnt know about torrent trackers?
Reply to this comment
by gtnla January 10, 2009 7:09 AM PST
Why are these site owners not being turned over to law enforcement for prosecution.
Reply to this comment
by imacpwr January 11, 2009 2:52 AM PST
I find it hard to believe that a "real" developer is dumb enough to be downloading Porn link trojans on the Google Code hosting site.
Reply to this comment
(3 Comments)
  • prev
  • 1
  • next
advertisement

FAQ: Buying the right Windows 7 upgrade

Readers still have lots of questions on just which version of the software they need to buy in order to upgrade their PC. CNET News tries to offer some answers.

N.Y. lawsuit details Intel's 'largesse' toward Dell

Attorney General Andrew Cuomo's federal antitrust case filed Wednesday alleges a longstanding symbiotic relationship between Intel and Dell.

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET