Slashdot Mirror

← Back to Stories (view on slashdot.org)

Virus Trackers Find Malware With Google

Posted by ryuzaki0 on from the bug-hunters dept.

Casper the Angry Ghost writes "Malware hunters have figured out a way to use the freely available Google SOAP Search API, as well as WDSL, to find dangerous .exe files sitting on thousands of Web servers around the world. Queries can be written to examine the internals of web-accessible binaries, thus allowing the hunters to identify malicious code from across the internet." From the article: "We're finding literally thousands of sites with malicious code executables. From hacker forums, newsgroups to mailing list archives, they're all full of executables that Google is indexing. About 15 percent of the results came back from legitimate Web sites hijacked by malicious hackers and seeded with executables."

9 of 113 comments (clear)

  1. SiteAdvisor by torunforever · · Score: 2, Insightful

    Is this similar to what SiteAdvisor is doing?

  2. Re:do no evil, rat out evil by Anonymous Coward · · Score: 2, Insightful

    I think you're getting a little ahead of yourself in giving Google credit for this. It's not like creating an interface for malware hunting was intentional on their part...

  3. Re:do no evil, rat out evil by ZachPruckowski · · Score: 3, Insightful

    In any case, the only thing I can figure about the quote is that Google indexing these sites helps to spread the malware around.

    Only if you're looking for it in the first place (like if your a hacker). It doesn't affect Joe-Average.

  4. Re:Securing the Search Engine? by ZachPruckowski · · Score: 3, Insightful

    I think the real question is "How accurate is it?" I mean that in the sense that "false positives" could be the basis of a slander lawsuit, and "false negatives" are even more dangerous than no warning.

    I mean, Joe Average, assuming we get him to eventually worry about malware, might look at the SOAP thing, not see a warning, and assume that means it's a safe site (which may or may not be true). Then he'll get nailed, thinking other precautions are unnecessary.

  5. Re:do no evil, rat out evil by jc42 · · Score: 4, Insightful

    Is there some potential badness that Google is indexing binary file content? What might that be?

    The computer industry does have a nasty history of "shooting the messenger" when malware is reported. People really don't want to know that their machine has been compromised, especially if it implies lax security on their part. They routinely react by firing or prosecuting the people who do anything to pinpoint security problems like this. We can expect to read stories of threats against people who use this Google feature to find security problems.

    The obvious explanation here is the old "stupidity rather than malice" saying. But this might not always be true. When someone in authority attempts to punish someone for exposing a security problem, you should probably assume that they understand what they're doing and have a motive for their action. It's likely that some of those with the authority to punish messengers are doing so because they don't want the problems exposed, for reasons of personal (or institutional) profit.

    --
    Those who do study history are doomed to stand helplessly by while everyone else repeats it.
  6. Re:Web Site Contact by badfish99 · · Score: 3, Insightful
    Given the current state of the law, it is really dangerous to contact a site owner and tell him that his site is insecure. It is quite likely that you will be prosecuted for "unauthorised access" to the site.

    Much better to just add the site to your personal list of things to avoid, and then forget about it.

  7. Re:Securing the Search Engine? by Secret+Agent+X23 · · Score: 2, Insightful
    My initial thought would be the ability to filter your Google searches so that websites that are potentially carrying MalWare are either flagged or not shown at all.
    I thought of that, too. But then it occurred to me that the legal folks at Google would probably see it as nothing more than a lawsuit waiting to happen.
  8. Re:do no evil, rat out evil by pclminion · · Score: 4, Insightful

    So, Google takes the "do no evil" a step further and calls evil out.

    Drop the stupid melodrama. Google is a mechanism for searching for strings of bytes inside other strings of bytes, and prioritizing the results according to certain algorithms. "Calling evil out?" You're insane. I suppose the ANSI C function strstr() is also a Wielder Of The Sword Of Righteousness?

    Is there some potential badness that Google is indexing binary file content? What might that be?

    How about the RIAA using it to locate caches of MP3 files? It's plausible that a person might have personal backups of their music collection (or *shock* music they purchased on iTunes) and accidentally have those files on a public web server. (Or they could be pirates -- the point is, the technology is not "good" nor is it "evil").

  9. Roll Your Own Google API Searches by ejoe · · Score: 2, Insightful

    In case you want to try this at home, presuming you're on a MacOS X box and you've got your own free API key from Google, you can easily access the Google API SOAP service using Anthracite Web Mining Desktop toolkit. Combine it with AppleScript and you're off to the races making your own automated searches. In addition to the Google API interface, there's also a generic SOAP source object for accessing any other SOAP services you want to try. Several examples are included with the download, like how to build a ranked list of top keywords for any given search term. Not only does it get the search results, it will also go load the URLs returned for you automatically. Yes, I wrote the software, and that's why I'm always busy promoting it.