
Hackers using botnets to bypass Google and map attack victims

by Phil Muncaster

16 Aug 2011


Hackers could be generating more than 80,000 queries a day using botnets as they look to harvest the power of search engines to discover the most vulnerable targets on the web to attack, according to the latest research from Imperva.

The web application security firm revealed in its Hacker Intelligence Initiative report that the attackers use specially crafted search queries known as 'Dorks' or 'Google Dorks' which focus on specific locations or sites to zero in on a potential attack target.

These Dorks are exchanged by hackers on underground forums such as the Google Hacking Database, the firm said.

The search results can then be used by the hackers to identify vulnerabilities and launch attacks to steal or alter data or even compromise company servers.

"The search engines are aware of this abuse of functionality and have implemented various anti-automation techniques, but the figures from the report show that an enormous amount of queries are possible," Imperva chief technology officer Amichai Shulman told V3.

"The hackers are mitigating these anti-automation techniques by distributing their queries over IP addresses and by narrowing the search terms."

Shulman explained that his team has been monitoring Dork activity in two search applications. While the team has not been monitoring "the most prominent" engines, such as Google's, Shulman predicted that this activity will be "fairly common" among all search engines.

Google could not be reached for comment at the time of writing.

Imperva urged search engine companies to look more closely at network traffic, picking out queries which are known to be part of public Dorks databases or that look for known sensitive files.

The security firm added that any IP addresses suspected of being part of a botnet should be blacklisted, and strict anti-automation technology, such as Captcha, should be applied.
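The check Imperva recommends can be sketched from the search engine's side as follows (an added example, not code from Imperva's report): because the queries are spread across many IP addresses, it groups log entries by dork rather than by source, after stripping the `site:` term used to narrow each search. The dork list, log lines, function names and the `min_ips` threshold are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed stand-in for a public dork database; these entries are
# placeholders invented for this example, stored lowercase.
KNOWN_DORKS = {
    'inurl:"/example-app/view.php?id="',
    'intitle:"index of" "example-backup"',
}

# Matches the site: operator and its value, which bots vary to narrow a search.
SITE_OP = re.compile(r'\bsite:\S+\s*', re.IGNORECASE)


def template(query):
    """Reduce a query to its template: drop site: terms, fold case and spacing."""
    return " ".join(SITE_OP.sub("", query).lower().split())


def flag_distributed_dorks(log, min_ips=3):
    """Return {dork template: sorted source IPs} for known dorks that were
    submitted from at least min_ips distinct addresses."""
    sources = defaultdict(set)
    for ip, query in log:
        t = template(query)
        if t in KNOWN_DORKS:
            sources[t].add(ip)
    return {t: sorted(ips) for t, ips in sources.items() if len(ips) >= min_ips}


# Constructed query log: (source IP from documentation ranges, query text).
SAMPLE_LOG = [
    ("192.0.2.10", 'inurl:"/example-app/view.php?id=" site:.uk'),
    ("198.51.100.7", 'inurl:"/example-app/view.php?id=" site:.de'),
    ("203.0.113.5", 'INURL:"/example-app/view.php?id="  site:.fr'),
    ("192.0.2.10", "cheap flights london"),
    ("203.0.113.9", 'intitle:"index of" "example-backup"'),
]

if __name__ == "__main__":
    for dork, ips in flag_distributed_dorks(SAMPLE_LOG).items():
        print(f"{dork} seen from {len(ips)} addresses: {', '.join(ips)}")
```

Each address in the sample sends only one or two queries, so a per-IP rate limit would not trigger; the addresses returned here are the candidates for the blacklisting or Captcha challenge the firm describes.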
