Google's Web crawlers were tricked into spreading SQL injection attack -- and reflect badly on search giant's security practices

It's bad enough that Google's Web crawler bots have been hijacked by malware and used to spread a SQL injection attack.

What's worse is that this sort of exploit -- turning Web crawlers into attack bots -- dates back almost 15 years. It's one that most any modern software engineering organization ought to know how to thwart, especially Google.

Ars Technica first reported how security researcher Daniel Cid of Sucuri noticed some strange things going on with a client's website. A firewall was blocking requests coming in from Google's address block. That was odd. Even stranger, those requests were all too obviously a variety of SQL injection attack...



Full story available at InfoWorld,
Click HERE