[ISN] Desktop search new target for viruses?

InfoSec News isn at c4i.org
Wed Dec 15 03:25:11 EST 2004


By Munir Kotadia 
Special to CNET News.com
December 14, 2004

Security experts are warning that virus writers could use new desktop
search tools to make their malicious software more efficient.

Foad Fadaghi, senior industry analyst at Frost & Sullivan Australia,
said that most viruses are designed to harvest e-mail addresses and
other personal information from an infected system. He warned that
because desktop search tools such as those recently announced by
Google, Microsoft and Yahoo can index and categorize that information,
virus writers are likely to start exploiting the technology.

"Desktop search products are very efficient at harvesting data, so it
wouldn't be surprising if exploits are sought by malicious coders. Any
software that can index and capture data on a user's PC will be
subject to virus and Trojan exploits. It is just a matter of time,"  
Fadaghi said.

Neil Campbell, the national security manager of IT services company
Dimension Data, said that any change in the desktop environment can
create new security vulnerabilities, so when companies decide to adopt
a new product they should look beyond the user benefits.

"It sounds like great technology, but don't deploy it without
considering the security implications. With any new product area there
is a need to consider security," Campbell said.

According to Campbell, virus writers are unlikely to start targeting
the new tools immediately--but only because they are not common.

"It is not going to be in the virus writers' best interest to target
them immediately. I would expect the spread of a virus to be inhibited
because of the low take-up rate--at least to start with," Campbell

Viruses have already used Internet search engines to harvest e-mail
addresses. In July, a MyDoom variant pumped so many queries into
Google that the search engine was unavailable or very slow for large
periods of time. The same variant of MyDoom also succeeded in knocking
a number of smaller search engines--including Lycos and AltaVista--off
the Web completely.

At the time, Graham Cluley, senior technology consultant at antivirus
firm Sophos, said he expected virus authors to continue manipulating
search engine technologies.

"You don't have to be psychic to predict the release of more worms
trying to scoop up e-mail addresses from search engines.  
Unfortunately, we expect to see other worm authors trying similar
tricks in the future," Cluley said.

Dimension Data's Campbell said that if companies do choose to use
desktop search tools, they should take extra care to ensure viruses do
not get a chance to reach the desktop.

"You need to consider these issues once the virus has infected your
PC, but more importantly, companies should prevent the virus from
executing. Make sure the PCs are up-to-date from a patch and antivirus
perspective and loaded with a personal firewall," Campbell said.

Munir Kotadia of ZDNet Australia reported from Sydney.

More information about the ISN mailing list