Fake GoogleBots Becoming a Real Threat and DDoS Attack Tool
New reports show that fake bots appearing to be Google are crowding over the internet becoming a real threat and attack tool that cybercriminals are already abusing.
No matter the harshest rules an enterprise or website owner has, there is always an open door for Googlebot, a small bot that visits the website to obtain content and post it in the Google search engine. Googblebot crawls nearly every website to build a searchable index that assures a websites content will be ranked inside the search engine.
Attackers have taken action against the vast amount of access networks give Googlebot, and have been spoofing Googlebot to launch multi-layer distributed denial of service (DDoS) attacks.
Researchers at Incapsula security firm have identified the growing trend among these GoogleBot attacks, noting every 25 GoogleBot visits, companies are likely to receive one faulty GoogleBot visitor. Nearly a quarter of the fake GoogleBots found to visit websites were found to be used in DDoS attacks, ranking it number three among the most popular DDoS bots circulating the internet, according to product evangelist Igal Zeifman.
Zefiman said Incapsula is able to identify phony GoogleBots because Google crawlers come from a pre-determined IP address range. All imposter’s are appearing from malicious addresses that were found to be initiating malicious tasks such as site scraping, spamming, hacking and sending large DDoS attacks. Over twenty three percent of phony GoogleBots were found to send application layer 7 DDoS attacks.
In a study of over 30 days, Incapsula calculated over four percent of of bots utilizing the GoogleBot user agent were found to be faulty.
The spam that was originating from the phony GoogleBots was not found to originate from one server, but instead a botnet of infected computers abused for malicious use. Attackers were found to be from all over the world ranging from the United States, China Turkey, Brazil, India, Thailand, and a number of other countries.
The Google ID for attackers is extremely valuable considering the bot gets nearly as much treatment as possible from website owners knowing Google can help rank their content. Content creators don’t want to hinder Google’s abilities to do so, so they leave almost every door open for the bot.
Good news is the phony GoogleBot spam can be accurately identified and stopped using “security heuristics, including IP and ASN verification”, but can be hard to independently implement for website owners.