back to article Google Sites blight: Over 100,000 web pages for business form searches overrun with backdoor RATs

More than 100,000 web pages hosted by Google Sites are being used to trick netizens into opening business documents booby-trapped with a remote-access trojan (RAT) that takes over victims' PCs and hands control to miscreants. Infosec outfit eSentire on Tuesday said it has noted a wave of so-called search redirection …

  1. sbt Silver badge
    Alert

    The Web should be for content, not code

    This also applies to e-mail links; if we could transition away from executable code being downloadable by web browsers, this vector would go away. Applies to scripts as well.

    We'd need effective non-browser native apps for software retreival and installation; they could deal with code signing and attribution issues. Most platforms already have such apps like app stores. Or CLI tools like port, apt , brew, etc. As long as the OS/hardware maker doesn't get a monopoly on the app store or whatever software delivery mechanism like Apple has (for example), this would be an improvement.

    At a minimum, browser makers should be picking up on these malware techniques and blocking dodgy redirects and mismatches between reported and detected mime types on downloads.

    1. Anonymous Coward
      Anonymous Coward

      Re: The Web should be for content, not code

      The Web should be for content, not code

      Welcome to the debate we were having circa 1999.

      The sensible side with rational arguments lost and the "but muh spyware animations" crowd had thoroughly won by about ~2008.

      And the quagmire that we call the web today is the result.

      Happy wading.

    2. Twanky

      Re: The Web should be for content, not code

      browser makers should be picking up on these malware techniques and blocking dodgy redirects and mismatches between reported and detected mime types on downloads.

      But then you'll get the 'I won't use <browsername> - it doesn't work for so many sites that I use'

    3. Mike 137 Silver badge

      Re: The Web should be for content, not code

      The problem here is not the browser or downloadable code, merely that in the given case the malicious file is opened automatically in the browser. The attack could perfectly possibly also be triggered by saving the download and opening the bogus PDF manually. So if the browser is relevant at all, it's the hazard posed by browser helpers automatically opening files.

      HTTP file download is very convenient, and restricting it to non-executables would be both hard and intrusive. What's needed here is to exercise caution when browsing the web as by now we should all know that a lot of what's presented is not to be trusted.

      1. Twanky
        Holmes

        Re: The Web should be for content, not code

        by now we should all know that a lot of what's presented is not to be trusted.

        I was musing on this the other day. We regularly get reports in the media of people being defrauded. We also get regular warnings to keep our personal data safe. We rarely seem to get anything that closes the loop between the two - or if we do, I've missed it.

        It's all very well that '...we [Reg readers] should all know...' but most of my family roll their eyes or glaze over when I try to explain why it's a problem if F-Book has leaked their telephone number or whatever.

        I get it that banks (for example) want people to trust their phone apps. It's a trade-off: fewer bank staff but a bit more fraud. Its not in their interest for people to realise that installing the bank app is a risk because the bank does not control what else is on their phone/pocket computer.

        So, where are the engaging media stories that show how multiple bits of personal information gathered from their own or other people's 'social' media snippets, photos, discarded documents or whatever can be assembled into a weapon to be used against them? Or is it that these sorts of events are so much more rare than my paranoia has me believe?

        1. Doctor Syntax Silver badge

          Re: The Web should be for content, not code

          "I get it that banks (for example) want people to trust their phone apps. It's a trade-off: fewer bank staff but a bit more fraud. Its not in their interest for people to realise that installing the bank app is a risk because the bank does not control what else is on their phone/pocket computer."

          Disregarding bank apps, there's the question of banks and email security. As things stand banks prefer to train their customers to fail at email security rather than to take care. As long as they do that I wouldn't trust a mobile app from any of them. A stack of twenties under the mattress seems way more secure and, given current interest rates, not expensive.

          1. Twanky
            Coat

            Re: The Web should be for content, not code

            A stack of twenties under the mattress...

            At least with the plastic notes we use now there's less risk of losing the money if you accidentally engage in money laundering.

            icon: looking for that twenty I thought I had.

  2. Kevin McMurtrie Silver badge

    Google is the new Yahoo

    History is repeating itself - chaotic product offerings, many departments with no focus, too many employees, no customer service, easily abused services, betting everything on advertising revenue, and thinking it's too big to fail.

    I've been blocking much of Google on my mail server. There are a lot of legitimate mails rejected but I don't see how else to make the constant spam stop. It takes Google about 4 months to fix each mailing list exploit in their services.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021