• On MovieTome: The 10 worst movies of 2009 so far!
January 9, 2009 5:18 PM PST

McAfee: Google developer site being used to distribute malware

by Elinor Mills
  • Font size
  • Print
  • 3 comments

Google's free code-hosting Web site for developers is being used to distribute malware, a security researcher said on Friday.

Google Code is a place where programmers can host projects and code. Along with the legitimate code are links to fake videos that direct users to download a missing codec, said Dave Marcus, director of security research for McAfee Avert Labs. The codecs turn out instead to be password-stealing Trojan horses and programs geared toward stealing financial information for identity fraud, he said.

"They're using it as a way to send out links or as a place to house their links and redirects because it's Google and obviously it gets highly ranked in the index," he said. "The bad guys look for services like this as a way to push out code."

A Google spokesman said the company has removed malware-distributing projects from Google Code and search results.

"Google works hard to protect our users from malware. Using Project Hosting on Google Code, or any Google product, to serve or host malware is a violation of our product policies," the spokesman said in a statement. "Using automated tools, we actively work to detect and remove sites that serve malware from our network. We have removed many of these projects from Google Code and from our search results. Additionally, we'll continue to explore new ways to identify and eliminate such content."

The problem is similar to one that was found to be plaguing Microsoft's MSN Spaces site a year ago and continues to occur there, according to a McAfee Avert Labs blog posting.

Fake sex videos are being used to entice people to download Trojans on Google Code, McAfee says.

(Credit: McAfee)
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
Topics:

Vulnerabilities & attacks

Tags:

Google,

security,

malware,

Google Code,

Trojan

Share:
Digg
Del.icio.us
Reddit
advertisement
Click Here
Recent posts from Security
Confidential 9/11 pager messages disclosed
Microsoft warns of IE exploit code in the wild
Chrome OS security: 'Sandboxing' and auto updates
E-tailers snagged in marketing 'scam' blame customers
McAfee warns about '12 Scams of Christmas'
Cisco launches iPhone security app
Town to photograph every car that enters and leaves
New Firefox 3.6 beta aims to cut crashes
Related
Phishing, worms spike this year, say Microsoft and McAfee
Fake Facebook e-mail contains Trojan
Essential Firefox security add-ons
Mac Game: Art project or malware?
Week in review: Motorola, Verizon ready the Droid
For the Record Podcast: '12 scams of Christmas'
Malwarebytes accuses rival of software theft
Browser security features compared
Add a Comment (Log in or register) (3 Comments)
  • prev
  • 1
  • next
by shootthecops January 9, 2009 7:00 PM PST
it's good to see google has commented on the mistake rather than simply try to hush it up.

that said, "live free sex movie" seems like something targeted at an uneducated person, who doesnt know about torrent trackers?
Reply to this comment
by gtnla January 10, 2009 7:09 AM PST
Why are these site owners not being turned over to law enforcement for prosecution.
Reply to this comment
by imacpwr January 11, 2009 2:52 AM PST
I find it hard to believe that a "real" developer is dumb enough to be downloading Porn link trojans on the Google Code hosting site.
Reply to this comment
(3 Comments)
  • prev
  • 1
  • next
advertisement
Click Here

Let the battle for holiday gadget shoppers begin

Retailers try different strategies for competing with behemoths like Amazon and Wal-Mart in the cutthroat competition to lure those giving electronics as gifts.

Firefox hopes to one-up IE with fast graphics

Windows 7 features called Direct2D and DirectWrite will speed up Internet Explorer 9 performance. But Firefox hopes it might retool for the same benefit first.

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET