Summary:    When someone refers to the Google Worm, they may be talking about a nasty computer worm, known to take advantage of Google's search offerings for its own dirty work. Or, when they talk about the Google Worm, they could actually mean the Google bot.

 

A worm is a program, a computer virus that reproduces itself and spreads these copies from computer to computer across a network. On a slight variation to this, so-called Google worms also use a computer’s sending and receiving functionality, and use Google to attack other systems by sending queries. If left unchecked, it can flood thousands of mail boxes with these copies of itself and initiate senseless Google searches, so-called denial of service attacks, from the machines that it has infected.

One famous example of a denial of service attack was caused by the worm MyDoom. It attacked Google and several other search engines by using a back door that allowed hackers to take control of infected systems. These back doors made it easy for the worm to harvest email addresses.

But the term Google Worm did not until recently have such a negative connotation to it. The “real” Google Worm (also referred to as The Googlebot, The Google Crawler or The Google Robot) is nothing more than Google’s robot spider that is used by the company to detect and index web pages for its famous search engine database - and for the rest of us to locate and then use, of course.

This little software robot finds sites automatically by “crawling” the web. A given site’s HTML Meta tags make references to its server’s local robots.txt file which in turn give specific directions to the robot as to what can be included in or excluded from the Google database.

Unfortunately, a new form of worm, also referred to as the Google Worm, not only uses Google to attack other systems by sending queries, it also uses Google’s search engine database to locate vulnerable systems, to connect to them and to deface their web sites.

A recent example of such an insidious program is the so-called net-worm.perl-santy.a worm. It queries Google and locates web sites which run a specific version of vulnerable software - in this case it was a version of the open-source PHP scripting language phpBB (bulletin-board) 2.0.11 which, of course, has been fixed in the meantime. Santy.a then connects to those sites and exploits the vulnerability it was designed to exploit, thus gaining access to the server that is running the actual bulletin-board software. It then annihilates critical files (.htm, .php, .asp etc.) and vandalizes the site with meaningless text, its signature so to speak.

One interesting aspect about this new type of worm is the fact that it automatically gathers information. Up until now, hackers had to manually search their victims out. This will certainly appear more and more in the future and will make the need for effective and up-to-date anti-virus software (and regular backups) all the more important.

So what’s the moral of this story? Always be aware of possible inherent dangers when installing an open-source (or any other) software package. And always have a good anti-virus package from a reputable company installed on your system; consider configuring it to automatically update itself. And always keep your operating system patched to the very latest patch level.

Recommended Reading (click on the picture for details):

For similar stories check out our archives on:
Computer Worms, Google Worm

All About:   Travel    Cruises    Purses    Dictionaries    Correspondence Courses    The Law    The Raw    The Internet

Have something to say about this topic? Check out our Forums→

Email the link for this page to a friend!

Add to del.icio.us

Like Our Site? Link to All About Worms!
Just copy this code, and put it wherever you'd like on your website!: <a href="http://www.allaboutworms.com" target=_blank>Check out the worms at All About Worms!</a>

→ Writers and worm enthusiasts! Do you want to contribute an article to our collection? If so, send us an email here.