blog trackingRealtime Web Statistics Busts | Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘busts’

Israeli firm busts 13-year-long Europe hack attack

Source: National Cyber Security – Produced By Gregory Evans

Israeli firm busts 13-year-long Europe hack attack

One of the biggest and certainly longest-living professional hacking operations in the world is history — thanks to an Israeli company that discovered that thieves have been using a single system to break into computers for more than a decade. […]

For more information go to, http://www., or

The post Israeli firm busts 13-year-long Europe hack attack appeared first on National Cyber Security.

View full post on National Cyber Security

ICE busts prolific dinosaur fossil smuggler

Mark Rockwell Top Priority Sector:  border_security Image Caption:  Tyrannosaurus bataar In another unusual case that sometimes crop up during ICE’s smuggling enforcement duties, the agency has arrested a Florida man for illegally importing dinosaur fossils from China and Mongolia that could be worth millions. Homepage position:  10 read more View full post on Government Security […]

View full post on The Cyber Wars

Google busts itself for distributing malware

Google is under fire in Washington for favoring its own properties. This week, I ran across proof that on at least one front it doesn’t discriminate.

The company’s Safe Browsing service uses Google’s wide-ranging spiders to look for evidence of malware distribution on the network at large; the findings are used to block potentially dangerous sites.

So what happened when Google inspected Here’s the Safe Browsing Diagnostic page:

Oh my. Here are some results:

  • “Part of this site was listed for suspicious activity 3 time(s) over the past 90 days.”
  • “Of the 2321615 pages we tested on the site over the past 90 days, 50 page(s) resulted in malicious software being downloaded and installed without user consent. … Malicious software includes 296 trojan(s), 35 scripting exploit(s), 15 worm(s). Successful infection resulted in an average of 5 new process(es) on the target machine.”
  • “Over the past 90 days, appeared to function as an intermediary for the infection of 11 site(s)…”
  • “[T]his site has hosted malicious software over the past 90 days. It infected 172 domain(s)…”

This shouldn’t be a surprise to anyone who follows distributors of malware. As I’ve demonstrated here and here, the bad guys love to target Google search results. And Google search results were the primary vector for the Mac Defender attack that plagued Mac users in May and June of this year.

The notion that malicious software can be downloaded and installed without user consent is chilling, but to put things into perspective, that count represents about 1 dangerous page for every 50,000 in Google’s index.

I asked a Google spokesperson for an explanation and received this response:

Google’s automated malware scanning systems don’t play favorites when searching for malware – they scan and flag Google sites just like any other site. Many Google properties are designed for user-generated content – like Google Sites, Google Docs, YouTube, etc. So Google has developed sophisticated systems to help ensure user-generated content is safe, including our dynamic malware detection system which feeds data to the the Safe Browsing Diagnostic pages.

Whenever we find malware on a Google property we’re committed to protecting users. Yes, that may mean adding a Google property to the malware list. But the best way to protect users is to remove the malicious content. Google’s Anti-Malware team works closely with other Google teams to quickly clean up user-generated content on Google properties.

Battling malware is a difficult and on-going task. Google’s priority is protecting users, and we hold ourselves to a very high standard. Google’s Safe Browsing API protects millions of users every day as proof of our commitment.

And how did Microsoft’s properties fare? Here are the Safe Browsing Diagnostic pages for and When I checked earlier today, both sites were found to have hosted malicious software, just as Google did. showed no evidence of having allowed malicious software to be downloaded and installed without consent. For Bing, however, the result was less than perfect:

Of the 17068 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent.

In Bing’s case, the last detection of malicious software was on August 29. By contrast, Google found malicious software on its own properties as recently as this morning.

The moral of the story: Keep your guard up when you search.

Article source:

View full post on National Cyber Security » Virus/Malware/Worms

My Twitter

Gregory D. Evans On Facebook