Fake projects are used to distribute malware

Jan 9, 2009 10:45 GMT

McAfee warns that cyber-criminals have created many fake Google Code projects in order to push malware to unsuspecting users. The projects promote adult videos that prompt users to download malware in the form of fake video codecs.

Google Code is a popular service used by numerous software developers to promote and host their projects. A similar service, called MSN Spaces, is offered by Microsoft and has been abused by hackers in the past. Chris Barton, research scientist for McAfee, points out that, in addition, Google automatically indexes the projects in its search engine.

The McAfee researcher explains that, when users attempt to watch the videos, which are actually just linked images, they are redirected to a fake codec download website that serves them a malicious application. “Repeated clicks will take you to an adult site,” he also notes. The server hosting the malware is located in Latvia, and is also being used in other malicious campaigns.

Mr. Barton even gives some suggestions to Google on how to identify these projects and close them down. He points out that the video.gif image, which gets loaded from the same link all the time, is one of the consistent elements that can be used for tracking. Another one is a link to an in.cgi script, which is also present on all of the rogue projects.
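The two markers Mr. Barton describes can be checked mechanically. The following Python sketch is an added example, not code from McAfee or Google: it flags project pages that contain both an image named video.gif and a link to an in.cgi script, then groups the flagged projects by the shared image URL. Requiring both markers together is an assumption made here to reduce false positives, and the sample pages and hostnames are constructed.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlsplit
import posixpath

class _Refs(HTMLParser):
    """Collect image sources and link targets from one project page."""
    def __init__(self):
        super().__init__()
        self.imgs, self.links = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # tag and attribute names arrive lower-cased
        if tag == "img" and a.get("src"):
            self.imgs.append(a["src"])
        elif tag == "a" and a.get("href"):
            self.links.append(a["href"])

def _basename(url):
    # File name of the URL path, ignoring the query string and letter case.
    return posixpath.basename(urlsplit(url).path).lower()

def indicators(html):
    """Return (video.gif image URLs, in.cgi link URLs) found in the page."""
    p = _Refs()
    p.feed(html)
    gifs = sorted({u for u in p.imgs if _basename(u) == "video.gif"})
    cgis = sorted({u for u in p.links if _basename(u) == "in.cgi"})
    return gifs, cgis

def triage(pages):
    """pages maps project name to HTML. Returns (flagged, clusters)."""
    flagged, clusters = {}, defaultdict(set)
    for name, html in pages.items():
        gifs, cgis = indicators(html)
        if gifs and cgis:  # assumption: require both markers
            flagged[name] = {"video_gif": gifs, "in_cgi": cgis}
            for g in gifs:  # same image link on every rogue page
                clusters[g].add(name)
    return flagged, {k: sorted(v) for k, v in clusters.items()}

# Constructed sample pages; the .example hosts are placeholders.
SAMPLES = {
    "proj-a": '<a href="http://redir.example/in.cgi?2"><img src="http://img.example/video.gif"></a>',
    "proj-b": '<A HREF="http://redir.example/in.cgi?5"><IMG SRC="http://img.example/video.gif"></A>',
    "legit-lib": '<a href="/p/legit-lib/downloads">Downloads</a><img src="/logo.png">',
    "gif-only": '<img src="/docs/video.gif">',
}

if __name__ == "__main__":
    print(triage(SAMPLES))
```

A project that merely ships its own video.gif, like the constructed gif-only page, is not flagged because it lacks the in.cgi link.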

The analyst notes that, despite constant reports, Microsoft has proven reluctant to clean up MSN Spaces of such scams, even though some of them are a year old. “I trust Google would like to appear less evil and will take more decisive action,” he writes. He also demonstrates how to use Google search with a specific string, in order to get a list of the fake projects.

This latest development is just another indication of an increasing trend of cyber-criminals using free services to distribute malicious applications or launch spam and phishing campaigns. For example, the hackers behind the notorious Koobface worm, which spreads on Facebook, started using the Google Picasa Web Albums service to host their malicious videos.

Another recent phishing scam has been making use of Google Calendar. Google AdSense has also been used to display malicious advertisements that promote malware. One explanation behind this practice is that the malicious campaigns have better success rates, since users tend to trust well-known services more than other websites.