Windows 7 - Malware hosted on Google Code project site |
09-02-2010
|
#1 | | Windows 7 Home Premium 32 bit |
Malware hosted on Google Code project site
Quote: Malicious hackers are using the Google Code repository to host Trojan horses, backdoors and password stealing keyloggers, according to researchers at Zscaler.
The researchers found a malicious project hosted on the free Google Code site with about 50+ malware executables stored in the download section of the project.
According to Zscaler’s Umesh Wanve, most of the files are executable files along with zipped “.rar” files.
Read More: Malware hosted on Google Code project site | ZDNet
09-02-2010
|
#2 | | Windows 7 & Windows Vista Ultimate |
At least it's been cleaned up for now. Google Code Discovered Serving Malware | threatpost
Quote: Google has removed malicious programs from its Google Code platform after Web firm zScaler said the company's servers were being used to serve malicious code.
09-02-2010
|
#3 | | Operating System : Windows 7 Home Premium Edition 6.01.7600 SP1 (x64) |
That's a bit worrying for Google
09-02-2010
|
#4 | | Windows 7 Ultimate x64 and Home Premium x64 |
Well, I don't think it is so worrying for Google, as Google has offered a lot of free services, such as that one. Just ballsy for a malware group to use that service to host their malware code like that.
I don't recall whether or not Google actually goes out of its way to scan stuff like that on their services though.
09-02-2010
|
#5 | | Windows 7 Home Premium 32 bit |

Quote: Originally Posted by Keiichi25: I don't recall whether or not Google actually goes out of its way to scan stuff like that on their services though.

Apparently they didn't. This is just negligent on their part.
If a site hosts code or programs, they're not always responsible for its content (as is the case in some disclaimers).
But I would have expected better from Google. They have more than enough money & resources available to host a clean site and do scans.
09-02-2010
|
#6 | | Windows 7 Ultimate x64 and Home Premium x64 |
Uhm...
I humbly have to disagree on the definition of 'hosting a clean site'.
It is one thing if, as an example, having a site that is purposely sending malware and viruses like the infamous WowUI which has, numerous times, had themselves hacked and purposely sending users of that site malware/viruses that had nothing to do with WoW Interface Mods, to having a site that is there for Code Provision, not purposely injecting anything to users being used as a repository site to pick up malware code and executables.
In the Case of WoWUI, they never really bothered to secure their site and allowed hackers to not only compromise their security time and time again, but basically did nothing to prevent hackers from abusing their site to purposely infect visitors time and time again.
Google Code site did what its purpose was, to be a single source code repository for people to access, controlled by the person who put up that code source section. In this case, the person who put up the code source section was a ballsy hacker putting various malware there for others to get. To my knowledge, anyone can do that on ANY service, including your own ISP and your own ISP would not know any better than Google to be actively searching it until someone made a fuss about it.
To my knowledge, Google Code service never promised to 'check every code' source up there... And to be honest, even with the resources they have, I seriously doubt they would do that... Why? Violation of code ownership. Yes, I know, I am no lawyer and there isn't necessarily any law, however, I feel that somewhere, in their Terms of Service, they may have made a legal promise that they would NOT be intrusive on people placing code there. The chances of copyright violation or suing possibilities is too high to be actively scanning. And there is also a possible chance of a false positive given the fact that most of the Visual/.Net code is the basis for most of the Windows based viral/malware attacks that people could, inadvertently create a similar morphism of a malware that could raise flags by accident than what was intended.
Yes, I know this is sort of a straw man argument, but unfortunately, I tend to play the Devil's Advocate on such arguments because it is easy to say "They should know better..." without knowing what other possible ramifications or reasons why they didn't do so in the first place. And unfortunately, there can be circumstances where they might have gone with this particular model and now with what has happened, they might have to re-do their terms of service agreement to prevent this from happening again. Whether or not the coders using the service will continue to function under a change in the ToS will have to be seen, depending on what changes were made and how the coders consider the change affects them.
09-03-2010
|
#7 | | Windows 7 Home Premium 32 bit |
Well...yeah...I didn't take into consideration the legalities that could pop up. Aren't we just the litigious society nowadays?
Although I would have thought that if they were hosting the site they would have some kind of wording that says you agree to submit to a virus scan if you upload anything.
I'm surprised WoW didn't have a secure site. Or maybe I shouldn't be....
I guess it just goes to show anytime you d/l anything, you takes your chances.
Well, it's shut down now...
and thanx for the insight
09-03-2010
|
#8 | | Windows 7 Ultimate x64 and Home Premium x64 |

Quote: Originally Posted by Borg 386 Well...yeah...I didn't take into consideration the legalities that could pop up. Aren't we just the litigious society nowadays?
Although I would have thought that if they were hosting the site they would have some kind of wording that says you agree to submit to a virus scan if you upload anything.
I'm surprised WoW didn't have a secure site. Or maybe I shouldn't be....
I guess it just goes to show anytime you d/l anything, you takes your chances.
Well, it's shut down now...
and thanx for the insight

Well, trust me... In the years I have been going, "Why can't somebody do this..." Then me playing Devil's advocate and going... "Oh... That may be why..." has taught me that it is very easy for people to only see a one sided view.
Well, that, and arguing with a bunch of gamers with regards to play balance on Planetside with people entrenched on one side and claiming I don't see their 'issues' when I also play all three sides to see how things work.
As for WoW, I was referring to a community site called WoWUI. It is one of many community sites, but one not administered very carefully compared to other community sites like Curse.com and Wowinterface.com, where they had admins with a bit more forethought and concern in their system.
Also, as a person who is working in a University system, I have come to learn a few things of how different groups handle different things. Such as the University of California system has an Electronic Privacy policy. Their policy is that even though you are using their system, student, staff, or Faculty... Your right to privacy is not to be violated. Even if I was an administrator, I could lose my job if I so much as access another user's email or directory location that is setup for them without their permission. In a corporate environment, I am allowed to do so for the purpose of business.
Again, different policies for different reasons. If you look at some arguments as well, there is the consumer rights and consumer's belief in their rights. You will find that some consumers believe they have the right to certain things that tend to be a little over the top and will literally sue when they feel their rights are violated, hence why all the 'fine print'. And of course, there are also scammers who will take advantage of people legally too.
09-03-2010
|
#9 | | Windows 7 Home Premium 32 bit |
In all, I wasn't trying to be one sided, although I may have sounded that way inadvertently. Too much damn homework to think straight
It just shocked me that a site like Google allowed something like that to happen. But then again...there are the legalities. What's even more surprising was they didn't run regular virus scans on the hosted codes. I have to wonder, would that still be a violation of any protocol? I mean, to me, that would almost be expected. Maybe they didn't specify it in their TOS or something.
I'm not sure of our school's policies but I do know they actively monitor what people are watching on the web. We were all sitting in class last sem when a couple guys came up & grabbed the teacher. They walked back in & then they walked over to this girl in one of the rows, turns out she was watching porn...in class....I guess they can legally do that, monitor usage. There is a disclaimer when you start a PC that says "this system is not to be used for viewing pornographic materials" and a list of some other stuff.
It's curious, the universities seem to have stricter privacy policies than most companies. Of course, nowadays, when you get hired to a company you sign some kind of a form that states all E Communications are subject to the scrutiny of technicians and others. I think they place it under "company security" don't they?
It all gets confusing, the laws are put in place to protect people, but if you find a good work around or know how to use the system, you can get by them easily.
09-03-2010
|
#10 | | Windows 7 Ultimate x64 and Home Premium x64 |
Well, technically, to monitor people's internet usage is possible, but to actively do that is difficult.
However, I can tell you from a corporate standpoint, as I have done it before, is that anyone who has setup anything, they will have roughly the following setup:
Firewall (With Logging)
Proxy Server (If their Firewall software can't support certain logging or content control)
Specifically setup DHCP server to force certain types of things.
In the last company I worked at, A Checkpoint Firewall was setup, but in order to control certain accesses for the call center and for stores, we had to setup a Proxy Server to do web content filtering due to the nature of some of the places the Call Center and Stores had to be able to go to. Checkpoint Firewall does not deal with dynamic domain IP assignments easily so having to rely on a Proxy Server to control that was necessary.
To further control that and take it out of the hands of the users, you would then force them to use the proxy server via DHCP. While they could try and go directly out, that is where the firewall would be configured to block that access going out and forcing users to use the proxy server if they wanted to gain web access, which again, you restrict them from going where they wanted based off of IP or by user authentication process.
In cases like what you put above, with logging in place and one additional thing, which would be bandwidth monitoring... If abnormal surges of information are happening and with the right tools, you can narrow down the IP of a person within a given network and then show logs of what a person is doing so they can't 'fib' about it.
Streaming videos, for example, tend to raise flags in corporate or education areas because it is an abuse of their resources and generally get tracked down pretty quickly, especially if it is heavy traffic. The one thing most people cannot disguise that brings the most attention will always be heavy bandwidth usage from a particular IP. Don't forget, there is also various kinds of listings, that I wouldn't put it past if there was a listing of known porn sites for business and education to 'monitor' and have alerts... Not to mention it probably isn't the first rodeo of that nature they had to deal with.
Also, mind you, I wouldn't put it past that girl has probably done it more than once and not just in the class that not only did she raise a red flag, but they gathered some more information to pretty much point out 'You can't say this is a first time offense.' as I have been asked to pull logs for several days when a person has done something a manager suspects has been going on to show the user they are in trouble.
And again, this goes back to what Google Code may provide. In all honesty, they may have not considered people using their service to be using it as a repository for malicious code, and to be fair, decent, well meaning coders would not put malicious code out there. The framework of what Google Code is also setup to be where authors of said code are putting up executable code that people might want to use, the said author is putting it up in good conscience and maintaining that code exempt of any harm.
And to be honest, this is also the same methodology that Microsoft has worked under when you look at Windows as well as all the Microsoft Software products. The original intention was there for people to make use of the software to improve things, however, the security holes in that software and in any software was basically not taking into consideration other people's malicious intent and it bit them in the butt time and time again.
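
The log-based triage described in post #10 (proxy logging plus bandwidth monitoring to narrow a surge down to one client IP, then pulling that client's requests), as an added example that is not part of the original thread. It assumes Squid's native access.log field order; the log lines, addresses, host names and the 10x-median threshold are constructed for illustration.

```python
# Added example: per-client bandwidth triage over proxy access logs.
# Assumed field order (Squid native access.log):
#   time elapsed client action/code bytes method URL ident hierarchy type
from collections import defaultdict
from statistics import median

# Constructed sample log (private client addresses, example.* hosts).
SAMPLE_LOG = """\
1283439600.101    120 10.1.20.11 TCP_MISS/200 18432 GET http://intranet.example/hr - DIRECT/192.0.2.10 text/html
1283439601.220     95 10.1.20.12 TCP_MISS/200 40960 GET http://orders.example/list - DIRECT/192.0.2.11 text/html
1283439602.310  90210 10.1.20.14 TCP_MISS/200 52428800 GET http://video.example/stream/part1.mp4 - DIRECT/192.0.2.50 video/mp4
1283439603.005    110 10.1.20.13 TCP_HIT/200 30000 GET http://intranet.example/logo.png - NONE/- image/png
1283439604.450     80 10.1.20.11 TCP_MISS/200 20480 GET http://orders.example/item/7 - DIRECT/192.0.2.11 text/html
1283439700.000 truncated entry
1283439705.900  71500 10.1.20.14 TCP_MISS/200 41943040 GET http://video.example/stream/part2.mp4 - DIRECT/192.0.2.50 video/mp4
1283439706.120     60 10.1.20.14 TCP_MISS/200 2048 GET http://video.example/player.js - DIRECT/192.0.2.50 text/javascript
"""

def parse_line(line):
    """Return (client_ip, bytes, url, content_type), or None if malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    try:
        size = int(fields[4])
    except ValueError:
        return None
    return fields[2], size, fields[6], fields[9]

def bytes_per_client(log_text):
    """Sum transferred bytes per client IP and keep each client's requests."""
    totals = defaultdict(int)
    requests = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip truncated or corrupt entries
        ip, size, url, ctype = rec
        totals[ip] += size
        requests[ip].append((size, url, ctype))
    return totals, requests

def heavy_clients(totals, factor=10):
    """Clients whose volume exceeds factor x the median client volume."""
    if not totals:
        return []
    baseline = median(totals.values())
    return sorted(ip for ip, n in totals.items() if n > factor * baseline)

def evidence(requests, ip, top=3):
    """Largest transfers for one client: the follow-up 'log pull'."""
    return sorted(requests[ip], reverse=True)[:top]

if __name__ == "__main__":
    totals, requests = bytes_per_client(SAMPLE_LOG)
    for ip in heavy_clients(totals):
        print(ip, totals[ip], evidence(requests, ip))
```
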