By constantly downloading random information from the internet, wouldn’t you be exposing yourself to tons of malicious content? Aren’t there pages that can run malware without you even clicking on anything?
A better example than search engines might be something like “the wayback machine”, a site that actually saves the pages, and not just links.
In: 12
a) zero day exploits really aren’t that common anymore – most viruses require a human to manually start them, just visiting a web site and clicking links won’t do it
b) most crawlers aren’t actually “looking” at most of the content, so they’d just move around the virus without actually being affected by it
c) any exploit would likely be targeted against common browsers – the environment of the crawler would be different and the exploit/virus likely wouldn’t work there, unless specifically targeting the crawler (and targeting the crawler is hard, because unlike the browser, it’s not public so you can’t easily test your attack)
d) if the operators have any common sense, the crawlers running inside a sandbox, so exploiting the crawler does nothing and the sandbox will be automatically destroyed and recreated from a clean version on a regular basis
e) targeting crawlers specifically would be a dangerous game: due to the sandboxing it’s not too valuable, but you’re exposing your (valuable) zero day to an environment that could be tightly monitored. If you get caught, your zero day will be fixed and become worthless.
Latest Answers