More nasties found on Google Code repository

More nasties found on Google Code repository

Summary: Security researchers are finding more and more malicious things lurking on the Google Code project repository.

SHARE:
TOPICS: Malware, Google, Security
21

Security researchers are finding more and more malicious things lurking on the Google Code project repository.

According to Websense, code for a notorious PHP-based Web console known as "r57shell" has been hosted at Google Code since November 2007, giving malicious hackers a launching pad to control remote shells.

[ SEE: Malware hosted on Google Code project site ]

follow Ryan Naraine on twitter The Websense researchers found the black-hat toolkit among Trojan files and a text file with a list of more than 50,000 compromised MySpace accounts.

We saw that the Google Code Web site isn't just used to host malicious files, but is also used to host malicious Web content and tools. Abusing Google's services isn't new: with so many offered services as a platform, it follows that attackers will naturally use and abuse it, but it certainly looks like it doesn't have to be through the back door. Coming though the front one can also be an easy option.

Websense has posted screenshots of the discovery on its blog.

Just last week, another security research firm warned that hackers are using the Google Code repository to host Trojans horses, backdoors and password stealing keyloggers.

The researchers found a malicious project hosted on the free Google Code site with about 50+ malware executables stored in the download section of the project.

Topics: Malware, Google, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

21 comments
Log in or register to join the discussion
  • More reasons not to use Google

    Unless you like having your private data stolen, I can't think of any reason to use Google.
    iPad-awan
    • You should learn the difference between Google and Google code repository

      It's never to late to start learning. Yes, I know, the Internet can seem daunting to someone of enters it for the first time but I suppose there are quite a few books explaining it in simple terms to those of you less accustomed to digital devices.

      And you can always use the Internet itself to learn more. Here are a few pointers to get you started:

      http://en.wikipedia.org/wiki/Internet
      http://en.wikipedia.org/wiki/Computer_network
      http://en.wikipedia.org/wiki/Keyboard_(computing)

      Just browse wikipedia and you'll find plenty of stuff to get you on track.

      Happy learning!
      OS Reload
      • RE: More nasties found on Google Code repository

        @OS Reload

        Thank you. Now who's going to teach an advertising company to do security and development?
        tonymcs@...
      • RE: More nasties found on Google Code repository

        Microsoft should stop putting half<a href="http://www.leedphilly.com/"><font color="light&amp;height"> vehicle</font></a> of the any <a href="http://www.crescenciohernandez.com/"><font color="light&amp;height">this</font></a> is the music <a href="http://www.anangrymob.com/"><font color="light&amp;height">of angry</font></a> that can make <a href="http://www.performingalileo.net/"><font color="light&amp;height">perform</font></a> you to fly <a href="http://www.spindletopsteakhouse.com/"><font color="light&amp;height">steak</font></a> and also baked
        gogon gondrong
      • RE: More nasties found on Google Code repository

        @OS Reload Amazing one, i appreciate this work....
        <a href="http://www.theessay.co.uk/">Essay</a>
        <a href="http://www.thecoursework.co.uk/">Coursework</a>
        <a href="http://www.theassignments.co.uk/">Assignment</a>
        bynes69
      • RE: More nasties found on Google Code repository

        @OS Reload Great informative post thanks for sharing.....
        <a href="http://www.thedissertation.co.uk/">Dissertation</a>
        <a href="http://www.theonlinethesis.co.uk/">Thesis</a>
        bynes69
      • RE: More nasties found on Google Code repository

        @OS Reload

        knowledge is power!

        <a href="http://diablo-3-blog.org/">diablo 3 beta</a>
        zipzip39
  • And to think

    Googs wants to rule the world. Oh the irony.

    <I><s>Do No Evil</s>
    We want the world, and WE WANT IT NOW! </I>
    klumper
    • Silly Season is starting earlier than expected

      Why did you come so early? Early bird discount or something?
      OS Reload
      • Googs is free game now

        @OS Reload

        They should have known the squeaky wheel gets more than grease.
        klumper
    • RE: More nasties found on Google Code repository

      @klumper of course, well pointed out.

      Nice post my friend

      <a href="http://www.mad4sport.co.uk/saucony-jazz/">saucony running shoes</a>
      grahamrix
  • RE: More nasties found on Google Code repository

    you know as a joke i told a few of my friends that if they used google they would get a virus, who knew that it would be true. lol
    xangpow
  • RE: More nasties found on Google Code repository

    I frequently read articles here and refer them to associates who "have a bit yet to learn". Thank You to the publishers and authors for that!<br><br>Too bad though, that the majority of "Talkback" comments have nothing for those new to the ways of the 'net. Other than to hurt your own arm patting yourself on the back for already knowing the new info or just posting some superfluous noise, why are you guys here? What are you contributing to the Community? Where is the solution-seeking cooperative encouragement that will make things better for all? Are you the same guys I read on various "political" boards? Are you all neo-cons? Your behavior seems obstructionist!

    Kudos to "OS Reload" for demonstrated patience and "can-do" encouragement to the less knowledgeable to keep learning! Your "type" will propel us all to better tomorrows.
    justjosephhere
    • Those new to the ways of the 'net

      @justjosephhere
      [i]What are you contributing to the Community? Where is the solution-seeking cooperative encouragement that will make things better for all? [/i]

      Neocons? Please. I can't speak for everyone under the umbrella you've painted, but I can say that some of us have been around for a spell. Meaning, our noses aren't quite as cherubically shiny as in the days of yore (hell, some had already flamed to a crisp during the Usenet era).

      Now when you get to such bloodshot climbs, maybe you too will join us [the forces of evil, buwahahaha]. As for superfluous noise and obstructionist behavior, that sound echoes from tabernacles on high too, don't kid yourself. You know, from the very sources you're seeking to champion.

      Only the sanctimonious, trickle down capitalist ethos many have proclaimed as our modernistic savior evaporates when the pipes start to leak. Repeatedly. To wit, unfulfilled promises dished at breakneck speed have remained just that in this new, diminishing returns world.

      Let me be the first to say, welcome aboard newb.
      klumper
  • RE: More nasties found on Google Code repository

    This is what happens when anyone provides code hosting of any variety without any kind of verification or fee. This is also why extreme security is a must-have for any company connecting to the internet these days. You never know when a malicious computer-using individual is going to spring something on you.
    e1nh4nd3r
  • Lets assume the title read

    "More nasties found on Microsoft Code repository"

    What kind of reaction would you think we would see...

    This is typical of Microsoft, they think they are giving things for free doesnt mean they can by pass security, in fact by giving things for free they are doing a disservice to the Internet community. Microsoft should stop putting half baked solutions on the web under the pretext of giving for free...blah blah blah
    DontBeEvil
  • RE: More nasties found on Google Code repository

    http://www.52tube.com/
    http://www.wctube.com/
    http://www.cameporn.com/
    http://www.escortbayan9.com/
    tamam
    myclub
  • Great

    Took a lot of time to read but I really found this very interesting and informative, thank you buddy for sharing.

    <a href="http://www.logovilla.com/stationary-design-services/" title="Stationary Design Services">Stationary Design Services</a>
    <a href="http://www.logovilla.com/website-design-services/" title="Website Design Services">Website Design Services</a>
    <a href="http://www.logovilla.com/banner-design-services/" title="Banner Design Services">Banner Design Services</a>
    <a href="http://www.logovilla.com/brochure-design-services/" title="Brochure Design Services">Brochure Design Services</a>
    <a href="http://www.logovilla.com/" title="Cheap Logo Design">Cheap Logo Design</a><br/>
    Brenda345
  • RE: More nasties found on Google Code repository

    Very informative Post, thank you for that! http://www.nagelstudiohamburg.net
    Nagelstudio in Hamburg
  • RE: More nasties found on Google Code repository

    Sweeeeet

    <a href="http://www.mad4sport.co.uk/saucony-jazz/">saucony jazz</a>
    grahamrix