Viewing a single comment thread. View all comments

aaaaaaaarrrrrgh t1_j2edgf7 wrote

a) zero day exploits really aren't that common anymore - most viruses require a human to manually start them, just visiting a web site and clicking links won't do it

b) most crawlers aren't actually "looking" at most of the content, so they'd just move around the virus without actually being affected by it

c) any exploit would likely be targeted against common browsers - the environment of the crawler would be different and the exploit/virus likely wouldn't work there, unless specifically targeting the crawler (and targeting the crawler is hard, because unlike the browser, it's not public so you can't easily test your attack)

d) if the operators have any common sense, the crawlers running inside a sandbox, so exploiting the crawler does nothing and the sandbox will be automatically destroyed and recreated from a clean version on a regular basis

e) targeting crawlers specifically would be a dangerous game: due to the sandboxing it's not too valuable, but you're exposing your (valuable) zero day to an environment that could be tightly monitored. If you get caught, your zero day will be fixed and become worthless.

0