An unofficial blog that watches Google's attempts to move your operating system online since 2005. Not affiliated with Google.

Send your tips to gostips@gmail.com.

September 22, 2006

Google Ajax Search, To Help JavaScript Worms

Gnucitizen blog has an interesting post about Google Ajax Search API, a tool that allows you to integrate Google Search into your site and let visitors search Google without leaving your site. The post shows that this API could make life much easier for those who write malware and might facilitate their propagation.

"Web worms can use Google's infrastructure to propagate. If a malicious mind finds a vulnerability in WordPress for example and this vulnerability allows SQL Injection, a worm may be written to crawl blogs in search for this vulnerability and embed itself into everything that is vulnerable. Once a user visits an infected blog the worm starts another cycle.

Another worm might be able to crawl random sites and run generic Cross-site Scripting and SQL Injection checks and send the results to their master who will use them to release more advance worms.

Malicious minds can use Google technology and recently discovered vulnerabilities to create a BotNet that can be used for computational tasks, attacks, information gathering and pretty much everything else that the masters can come up with."


Unlike standard worms, JavaScript worms are not easy to detect and can spread rapidly . The author also thinks that in the future the web will be the new arena for malware, and we may need a web anti-virus that monitors visited web pages.

Related:
Cross-site scripting (Wikipedia)
Cross-site request forgery (Wikipedia)
Samy is my hero (MySpace worm)
More about Google Ajax Search API

4 comments:

  1. I'm proud to be bulgarian :) pdp architect, the man behind gnucitizen, is bulgarian too.

    ReplyDelete
    Replies
    1. HACK ATM MACHINES NEAREST TO YOU AND BECOME RICH!!!
      You can hack and break into a bank's security ATM Machine without carrying guns or any weapon.

      How is this possible?
      First of all we have to learn about the manual hacking of ATM MACHINES and BANKING ACCOUNTS.

      HOW THE ATM MACHINE WORKS.
      If you have been to the bank you find out that the money in the ATM MACHINE is being filled right inside the house where the machine is built with enough security. To hack this machine We have develop a special blank ATM Card which you can use in any ATM Machine around the world. This ATM card is been programmed and can withdraw $1000 within 24 hours in any currency. There is no ATM MACHINES this BLANK ATM CARD CANNOT penetrate because its been programmed with various tools and software. The card will make the security camera malfunction at that particular time until you are done with the transaction you can never be trace. It also has a technique that makes it impossible for the CCTVs to detect you, Getting the card you will forward to me your details so we can proceed to send the card to you once you agree to the terms and conditions. You would wonder why i send out the cards instead of using them my self to get enough money. The card does not work in my current country so i am using it to help people and they will send me part of the money once they get it and use it. If you are interested then email Anna for more info: (annaroddy174@gmail.com)

      Delete
  2. I did my favourite search with google ajax here

    ReplyDelete

  3. I just want to share my experience with everyone. I have being hearing about this blank ATM card for a while and i never really paid any interest to it because of my doubts. Until one day i discovered a hacking man called Robert. he is really good at what he is doing. Back to the point, I inquired about The Blank ATM Card. If it works or even Exist. They told me Yes and that its a card programmed for random money withdraws without being noticed and can also be used for free online purchases of any kind. This was shocking and i still had my doubts. Then i gave it a try and asked for the card and agreed to their terms and conditions. Hoping and praying it was not a scam. One week later i received my card and tried with the closest ATM machine close to me, It worked like magic. I was able to withdraw up to $10,000. This was unbelievable and the happiest day of my life. So far i have being able to withdraw up to $58000 without any stress of being caught. I don't know why i am posting this here, i just felt this might help those of us in need of financial stability. blank ATM has really change my life. If you want to contact them, Here is the email address (unlimitedblankatmcardcreator@gmail.com)

    ReplyDelete