Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Fake Googlebots Increasingly Serve as Tools for DDoS

Real Googlebots help Google discover new and updated webpages so they can be added to the search engine’s index; fake Googlebots have no such good intentions.

Real Googlebots help Google discover new and updated webpages so they can be added to the search engine’s index; fake Googlebots have no such good intentions.

As it turns out, the evil twins of Googlebots are often used these days as the starting point for distributed denial-of-service (DDoS) attacks. According to new research from Incapsula taken from its inspection of more than 50 million fake Googlebot visits, 34.3 percent of all identified imposters were explicitly malicious – with 23.5 percent of these bots being used for Layer 7 DDoS attacks.

“Using Googlebot presents target website operators with a harsh dilemma – to block all Googlebots and be dropped from Google or to keep allowing Googlebots in and risk prolonged downtime,” Igal Zeifman, product evangelist at Incapsula, told SecurityWeek. “With Layer 7 attacks that can go for weeks and months at a time, both solutions are equally devastating.”

On average, a website will be visited by Googlebots 187 times per day, Incapsula estimates. For every 24 of those legitimate visits however, the site will also get a visit from a phony Googlebot. Many of the fake Googlebots examined by Incapsula were used for market intelligence (65.7 percent), while the rest were used for either DDoS, scraping (5.3 percent), spamming (3.8 percent) or hacking (1.7 percent).

In a blog post, Zeifman noted that fake Googlebots originate from botnets, most of which are inside the U.S., China, Turkey and India. The U.S. is the biggest country of origin for fake Googlebot visits, coming in at roughly 25 percent.

“One would assume that having a full list of IPs from Google could help, as it can be used by regular website owners to filter fake Googlebot traffic,” Zeifman told SecurityWeek. “However, realistically speaking, it’s hard to imagine most users keeping up with that list and updating their security rules as it expands. Realistically speaking, users just need to be aware of this threat and counter it with a security service that can accurately and transparently filter malicious bot traffic – Googlebot or otherwise.”

The best option, he said, is granular visit-by-visit processing, to verify the identity of every single visitor.

“This requires a lot of processing power, because you need to address each incoming request,” he said. “Very few possess that technology and fewer still have the CPU power to process hundreds of thousands of requests per second.”

Advertisement. Scroll to continue reading.

More on the Incapsula research can be read here

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cyberwarfare

An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.