Interest in Google Wave is being exploited by people behind malicious web sites, according to a security software company. Looking for an invitation could result in a malware infection.

Those using Google searches to try to gain an invitation risk landing on a page that attempts to install malware on their computer. According to Kane Lightowler, Imperva’s regional sales director for Australia and New Zealand, the bad guys are using techniques such as Google search poisoning to attract people to malicious sites.

“We’ve seen this happening,” he told iTWire.

Lightowler explained that one approach involves linking to the malicious page from reputable sites either by using exploits that allow the alteration of content hosted on a server, or simply by leaving comments. Embedding the right keywords makes the target appear a better match to Google, and setting the link text the same colour as the background means it is less likely to be spotted by the site administrator.

“Google Wave is a very topical search term at the moment,” says Lightowler, which is why it is being targeted.

He suggests individuals run up to date security software on their computers and keep it up to date. Browsers such as Firefox and Chrome warn of dangerous search results, and there are various add-ons for other browsers to provide similar protection.

Organisations should take steps to ensure the security of their web servers to prevent such malicious defacements. Previous attacks have concentrated on high-profile sites which have now tightened their security, so attention has shifted to compromising larger numbers of smaller organisations.

One way this can be readily achieved is by attacking a service provider’s server that hosts multiple sites.

“Small or large [sites] are not immune” to the crooks’ attention, said Lightowler. And the processes needed to mount such attacks are becoming automated, he warned.

Not much is known about Google Wave except that there are hopes it will do away with all other forms of collaboration. The way I see Google Wave developing is that it will become a very useful tool to connect different business services onto one platform. This will become more and more popular as more and more businesses use it. This is a system for the big boys, whoever invests time and effort to implement and understand it, will be leading the pack. However, at the moment we’ve not even touched the tip of the iceberg.

Developers have to get stuck in and create reliable secure programs for the Wave system to plug into and connect business services. The important thing will be security. Google Wave will make it possible to do purchases directly via a Wave.

People and businesses will only adopt these game changing methods (as well as keeping the old methods) once it becomes mainstream and 100% reliable and secure.

(Google Wave Explained by Mashable)

I wouldn’t get my hopes up right now. We’re still a long road away before it becomes integrative for business structures.

In the meanwhile we need to address the security issues and discuss them.

What we talk about and demand the system to have is what the developers will develop.

The butterfly feeling of Google Wave will soon disappear however, it will come back when Wave services have the ability to grow your business’s bottom line securely.

06 Oct 2009
Dian Joubert

Google Wave Security Forum