Recent reports suggest that hackers are using vulnerabilities in Google Code more frequently to distribute malware. Below is a comment on these findings by Simon Mullis, European Technical Lead at FireEye, covering how organisations can detect such exploits:
“It's easy to criticise Google's security posture for Google Code hosting malware, but in reality it is trivial to hide or obfuscate stages of the malware attack life-cycle on any site that supports user-editable content and we should not be surprised. I'm sure Google Code and other sites are hosting as yet undetected stages of malware attacks. Major social media, business networking and auction sites have all unknowingly played their part in this and we at FireEye see this all of the time. Malware attacks often split their assets in multiple stages across multiple unrelated locations on the web. Think of it like a distributed jigsaw, with pieces randomly strewn about the Internet. How are you to know that the jigsaw is not really a picture of a kitten after all but actually the malware equivalent of a Velociraptor strapped with lasers and dynamite? The key here is detecting the initial exploit at the end-user and understanding the context of all of the network traffic involved in an attack. If you cannot detect the exploit, the rest of the stages of the attack can be easily hidden from you.”