A new type of malware has been found today which uses the Google search engine database for hosting. Werner Klier (virus researcher from GData) pointed us to one very puzzling result of Google search. This result was detected as malware with avast! from the beginning. It is however a very interesting approach from malware creators – using Google to host their malware. Here I’ll describe how this infection works (virus researchers from GData, Ralf Benzmüller and Armin Büscher, reached the same conclusion).
In the previous month the World Wide Web was subject to one of the heaviest attacks since it first came into existence. Thousands of legitimate websites were attacked by the Trojan horses JS:Redirector-H and JS:Redirector-J, the aim of which was to infect millions of unsuspecting users. avast! was the first antivirus program to detect the infection right at the start and all users of avast! were protected throughout the duration of the attack. Now, more than a month after the attack was first detected, it is possible to assess the attack.