Zscaler pointed out that even though Google claims that any project including malicious files will be taken down, it takes the Google Code team a rather long time to detect them by scanning the hosted content.
Most of the files are executables or .rar archives.
Further analysis showed that if xin.exe was executed on a system, it would try to download other malware hosted on this project site through a series of GET requests.
The security researchers analyzed the rest of the files, and concluded it is a collection of Trojans, keyloggers, backdoors, and other malware. An analysis one of the files with ThreatExpert points to China as the country of origin.
After this discovery was made public, Google removed the offending project. But this instance shows that the company must find a better way of detecting malware hosted on its sites.
