Amichai Shulman, co-founder and CTO, Imperva, said: “Google can be used as an extremely powerful automated attack tool, and attacks that in 2004 were science fiction are now painful facts.
“Unfortunately, although we have seen attacks using Google increase massively since January this year, their effectiveness shows no signs of dropping.”
Shulman explained that search engines could be used to perform a variety of online attacks. The engine can be used to automatically search for vulnerabilities, and this functionality has been increasingly exploited by worms, dubbed Google worms.
This allows the worm to operate far more effectively, as it already knows which areas of which specific sites are vulnerable to specific attacks. This minimises the worm's network footprint and makes detection more difficult.
Additionally, a functionality within Google Advertising – Shulman refused to disclose more details – allows an attacker to issue structured SQL queries to target sites. This is particularly worrying, said Shulman.
“This method not only provides the attacker with a free automated attack tool that preserves his anonymity, it also enables him to penetrate more deeply. Many applications defend against similar attacks by refusing unauthorized, unauthenticated requests. However, the Google bots are both, and allow the hacker a deeper level of application access automatically.”
Shulman, presenting 'Google-Hacking and Google-Shielding', told RSA delegates that his team and Google were working on closing the loophole.
Another attack made possible by search engines is 'masking', where smaller business sites can be removed from top search rankings by an attack that uses proxy sites to display duplicated content. If there are enough of these proxies, Google can assume that the original site is a copy, and penalise it by removing it from its rankings.