Malware writers look for places to host their payloads so that they can hard-code the location into the downloaders they distribute. They can then swap the original payload for different files, infecting victims efficiently with different executables while remaining undetected. Google Code has become one such location: malware writers can keep a repository of executables there and modify it when necessary. The screenshot below shows one such example.
Most of the files are executables, along with archived “.rar” files. The time stamps show that the files have been uploaded over the course of the last couple of months. The download count also suggests the number of people who may be infected. This suggests that a Trojan-Downloader is actively using this free service to spread malware.
All the malware has to do is use an HTTP GET request to download the file and execute it on the victim’s machine.
Another code page is displayed below.
The advantage for the malware here is that these sites are not blocked by any firewall or Internet security suite, so it can bypass that level of protection. As Google Code is a free hosting website for developers, attackers are taking advantage of the service to push their malware.
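Because the hosting domain itself cannot simply be blocked, one way to spot this behaviour is to hunt in web-proxy logs for executable or archive downloads from it. The sketch below is an added example, not code from the original post; the log format, the sample lines, the `googlecode.com` host suffix for project downloads and the extension and content-type lists are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: project downloads are served from hosts under this suffix.
WATCHED_SUFFIXES = ("googlecode.com",)
RISKY_EXTENSIONS = (".exe", ".scr", ".dll", ".rar")
RISKY_TYPES = {"application/x-msdownload", "application/x-dosexec"}
# Assumed log format: "<client_ip> <method> <url> <status> <content_type>"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3}) (\S+)$")

# Constructed sample proxy log lines (not taken from the original post).
SAMPLE_LOG = """\
10.0.0.5 GET http://exampleproj.googlecode.com/files/update.exe 200 application/octet-stream
10.0.0.5 GET http://exampleproj.googlecode.com/files/readme.txt 200 text/plain
10.0.0.9 GET http://exampleproj.googlecode.com/files/pack.rar?x=1 200 application/x-rar-compressed
10.0.0.7 GET http://www.example.org/setup.exe 200 application/octet-stream
10.0.0.8 GET http://notgooglecode.com/files/a.exe 200 application/octet-stream
10.0.0.6 GET http://exampleproj.googlecode.com/files/photo.jpg 200 application/x-msdownload
10.0.0.4 POST http://exampleproj.googlecode.com/files/x.exe 200 text/html
malformed line
"""

def host_is_watched(host):
    # Match the suffix on a label boundary so "notgooglecode.com" is not caught.
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)

def flag_downloads(log_text):
    """Return (client_ip, url, reason) for successful GETs of risky files from watched hosts."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse
        client, method, url, status, ctype = m.groups()
        parts = urlsplit(url)
        if method != "GET" or status != "200" or not host_is_watched(parts.hostname or ""):
            continue
        if parts.path.lower().endswith(RISKY_EXTENSIONS):  # path excludes the query string
            hits.append((client, url, "extension"))
        elif ctype.lower() in RISKY_TYPES:  # executable served under a harmless-looking name
            hits.append((client, url, "content-type"))
    return hits

if __name__ == "__main__":
    for hit in flag_downloads(SAMPLE_LOG):
        print(*hit)
```

Clients that appear in the output are candidates for follow-up: a workstation fetching executables from a code-hosting site without a developer reason is worth checking for a downloader.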
