Slashdot Mirror


Software Turns Google into a Virus Scanner

Kfleming writes "Websense, a security vendor, has developed software that uses a binary search feature built into Google to hunt down malware. Using this technique researchers at Websense have uncovered over 2,000 websites hosting malware, and are also able to detect legitimate sites that have been hacked. Could this binary search feature also be used to exploit Google and trick users into downloading malware?"

72 comments

  1. What about dups? by Anonymous Coward · · Score: 0

    Wish someone would use this to check for dups!!

    BTW this is a dup.

    1. Re:What about dups? by Anonymous Coward · · Score: 3, Funny

      This is an outrage! Slashdot is an honorable and journalistically competent online-newspaper. There are no "dupes" here; it's all in your head.

      Fucking un-American commie, offending our good god-loving, hard working editors.

      I will see that your whole internet will be banned.

    2. Re:What about dups? by Guppy06 · · Score: 2, Funny

      Yeah, they'll implement that right after they add spell-check.

      Let me introduce you to my friend, the Silent E!

    3. Re:What about dups? by bostonsoxfan · · Score: 4, Funny

      Well if you put enough stuff on the internets the tubes will get clogged and you won't get your internets till today (Which was sent out three days ago of course.)

    4. Re:What about dups? by Anonymous Coward · · Score: 0

      I downloaded a couple of big internets yesterday, now I don't get my internets until after 7 days. They said I'd get my internets faster if I downloaded some fibre.

    5. Re:What about dups? by Blue+Trapezoid · · Score: 1

      Well, it's always important for your own personal internet to get enough fibre so the connection can stay regular.

  2. what a good idea by gEvil+(beta) · · Score: 5, Funny
    --
    This guy's the limit!
    1. Re:what a good idea by mgblst · · Score: 3, Funny

      et tu, cowboyneal?

    2. Re:what a good idea by 1u3hr · · Score: 1
      And why on earth does this reference a blog that just regurgitates a PC World article?

      Rhetorical question, obviously Cowboy Neal didn't want to spend more than 30 seconds on it.

    3. Re:what a good idea by thePig · · Score: 1

      I am not really sure whether these dupes in slashdot are accidental or by design.
      For one, this provides room for interesting and funny (even though cliched) comments
      Also, although it may have originated as a mistake, this is also part of the /. tradition.
      So, just a way to maintain that.

      Earlier, when the site was managed by 5/6 overworked (or lazy) people, one can understand the happening of dupes etc.
      Now, when it is managed by a company, which easily can have processes to catch these dupes, I am not too sure.

      It does provide a break from the monotony though :-)
      Good work, /.

      --
      rajmohan_h@yahoo.com
    4. Re:what a good idea by Anonymous Coward · · Score: 1, Insightful

      Blogs are the new spam. Digg is about 95% blogspam, and now slashdot too. You make a phoney blog, copy some article verbatim from another site, flood your blog with ads, and get places like slashdot to link to it to increase your google pagerank, making it more likely that people will go to your ad-ridden site from google on searches.

    5. Re:what a good idea by Anonymous Coward · · Score: 0

      Maybe they should try using software to turn google into a dupe scanner.

    6. Re:what a good idea by Anonymous Coward · · Score: 0

      ? http://evil.google.com/ yields a 404... I need to be scared of this?

    7. Re:what a good idea by bunratty · · Score: 2, Funny

      Slashdot should use Google search to find duplicate articles.

      --
      What a fool believes, he sees, no wise man has the power to reason away.
  3. For his next project... by Ariane+6 · · Score: 5, Funny

    He plans on using Google as an means to track down dupes on Slashdot!

    1. Re:For his next project... by gatzke · · Score: 2, Interesting

      And then use google to automatically find highly rated comments from the previous dupe and post them automagically to karma whore on /.

      Speaking of automatic, could someone develop coordinated automatic scripts to take over digg? If they vote on front page stories, how many zombie clients would it take to push your stupid story or slashvertisement to their page or maybe make a couple stories dupe or trupe. I think I read they do have some sort of uber editor that does promote and kill stories, so it is not total control...

    2. Re:For his next project... by darkmeridian · · Score: 1

      Uh, mods, parent was joking. He is not planning to use Google to track dupes on slashdot, so mod "funny" not "interesting".

      --
      A NYC lawyer blogs. http://www.chuangblog.com/
    3. Re:For his next project... by MyLongNickName · · Score: 1

      I think it is marked 'interesting' in the vain hope that one of the editors might suddenly get a clue.

      So it should be marked -1 Naive.

      --
      See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
    4. Re:For his next project... by Jester998 · · Score: 1

      I'm not sure there's enough CPU power on Earth to do that.

    5. Re:For his next project... by Ariane+6 · · Score: 1

      And then use google to automatically find highly rated comments from the previous dupe and post them automagically to karma whore on /.

      Actually, I read neither the article nor the comments from the previous story, I simply remember seeing it on the main page. My comment above was simply the first thing that came to mind (and I typed it rapidly, as evidenced by the glaringly inappropriate article).

      So, sorry, but I wasn't trying to karma whore.

    6. Re:For his next project... by gatzke · · Score: 1


      It is pretty obvious you weren't whoring. Standard practice here is to cut and paste some lengthy thoughtful (?) comment from the original or some previous version of the story to get karma with limited work. You wrote a simple one-liner.

      And apologies on /.? What are we coming to? only flames please...

    7. Re:For his next project... by Tenebrarum · · Score: 1

      If he needs assistance for doing that ... he's beyond help.

  4. interesting ... by Anonymous Coward · · Score: 5, Funny

    What is this google and where can i download it?

    -Sj53

    1. Re:interesting ... by MyLongNickName · · Score: 1
      --
      See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
    2. Re:interesting ... by DittoBox · · Score: 1

      It's a very large Internet so you can't immediately download it...Download it.

      It's really big which means the tubes, you see, will be filled faster and will slow down the downloading of my Internet to my office, which means I won't get my emails from my office to my office through the tubes. The internets are just too big...too big. You see.

      --
      Good. Cheap. Fast. Pick Two.
    3. Re:interesting ... by Anonymous Coward · · Score: 0

      Hold on, I'll send the google internets to you. But there are a few movies in the tubes, so it may not get to you for a few days.

  5. URL Turns google into a dupe-checker by rylin · · Score: 4, Funny
  6. Malware by the+linux+geek · · Score: 4, Insightful

    Something that these 'security experts' seem to not understand is that the average user is ignorant of how computers/software work. Most users can't even be bothered to set up a password for their root/admin account. No amount of clever software is going to truly prevent the average user from loading his machine up with some form of malware. A step in the right direction would be simple things, like running as a non-root user by default.

    1. Re:Malware by Data+Link+Layer · · Score: 2, Insightful

      That's a windows thing. Hopefully when they finally ship vista they will have a good user privilege system. A much better system compared to beta 2 where you need to go through like seven steps just to delete a file.

    2. Re:Malware by postmortem · · Score: 2, Insightful

      Well not only that, but average user has a need to install more or less- malware. The trash software industry that makes junk loaded with spyware adware and other poorly written software, targets average user, not the experts. The amount of software today created, and used in world requires that main user of computer uses his root account at least sparingly. However, I see the problem of user ignorance as a problem that is not necessarily unsolvable. It is that unsafe practices of its users create additional challenge for defensive software developers that has to be taken into account. For example, see how Unix systems perform well security-wise even without anti-virus software. It is that Microsoft hasn't taken this into account when designing Windows 2000 and XP.

    3. Re:Malware by jabberwock · · Score: 1, Interesting

      ... and if a frog had wings, he wouldn't whomp his ass every time he jumped.

      You're right, of course. But it's not so much "can't be bothered." Most users with an out-of-the box computer know of no reason to have a password other than for LOCAL security.

      Manufacturers and/or MS could force the issue. But I've never heard that proposed anywhere. With wireless routers (another example) I've at least heard it *suggested* that units be shipped with software that forces a password change, or with some (simple?) security.

      But there would be all those calls to India ...

      -jeff
      http://www.beautyfromafar.com/

  7. "Binary search" ?! by shreevatsa · · Score: 5, Informative

    Not only is this a dupe, it is also confusing that they use "binary search" to mean "searching inside binary files", and not binary search in its usual sense.

    1. Re:"Binary search" ?! by jc42 · · Score: 2, Interesting

      [I]t is also confusing that they use "binary search" to mean "searching inside binary files", and not binary search in its usual sense.

      Come now, my good fellow; surely you don't expect computer people to start to honor precedence in their terminology. Why, that would be, uh, I think the word is "unprecedented".

      We computer geeks have a long tradition of taking someone else's terminology and recycling it with meanings at odds with the earlier use. And in this case, the writer(s) probably thought they were inventing a new phrase. Chances are that they've never heard of binary trees, much less anything to do with using them for sorting and searching.

      --
      Those who do study history are doomed to stand helplessly by while everyone else repeats it.
    2. Re:"Binary search" ?! by cgenman · · Score: 1

      And in this case, the writer(s) probably thought they were inventing a new phrase.

      Come now. The word you're looking for is "blogger." You can only stretch the term "writer" so far.

  8. What are they talking about? by Anonymous Coward · · Score: 3, Funny

    What is a *.exe? Never seen that kind of file on any of my three operating systems. Good, one thing less to worry about.

    ... you dupe stories, I dupe replies.

  9. READ YOUR OWN SITE by Anonymous Coward · · Score: 0

    Truly pathetic.

  10. the real story is .. by rs232 · · Score: 4, Insightful

    The real story is why are we still getting 'Internet viruses' in the latter half of 2006 and why don't these 'security vendors' produce a solution to the problem.

    --
    davecb5620@gmail.com
    1. Re:the real story is .. by kassemi · · Score: 2, Insightful

      Simply stated, because the existence of this issue is highly profitable.

      --
      What the hell's a "gewie?"
    2. Re:the real story is .. by hritcu · · Score: 1

      Because you and most other dummies are using a highly insecure operating system! That's why internet viruses still exist! The ONLY solution to this problem is to stop using Windows! Otherwise stop complaining at least.

      --
      If you don't fail at least 90 percent of the time, you're not aiming high enough. (Alan Kay)
    3. Re:the real story is .. by budgenator · · Score: 2, Interesting
      Websense has stated they do not plan to make the code public at this time and only plan to share it with a select group of researchers

      ok so if I
      1. set up a honeypot account at yahoo and get a bunch of spam in it,
      2. scan it for viruses, if viral save a copy on a linux box,
      3. look at it with a hex editor and pick out some ascii strings,
      4. google the web for the strings inside the virus,
      then apparently I'm using some uber-secret technique that only the elite security professionals should know.

      OK so here is now the $25,000.00 question,
      Given that google crawls the web, and it crawls the web by following publicly visible links, wouldn't how the google spiders got to the viral binary through the links, be much more interesting than the fact that the virus was there?

      If you have a website, how hard would it be to write a perl script that crawls the site via the FTP, fingerprints the files, remembers which files have changed and feeds any files that did through clamAV; seems pretty simple to me.
      --
      Apocalypse Cancelled, Sorry, No Ticket Refunds
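
Added example (not part of budgenator's comment or the original page): the site self-check sketched in the comment above, fingerprinting every file, remembering the hashes, and passing only new or changed files to a scanner. It is written in Python rather than Perl and walks a local copy of the web root instead of crawling over FTP; the function names, manifest file, marker string and sample site are assumptions constructed for illustration, while `clamscan --no-summary` is ClamAV's command-line scanner.

```python
import hashlib
import json
import os
import shutil
import subprocess
import tempfile

def fingerprint_tree(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks so hashing never leaves the tree
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[os.path.relpath(path, root)] = digest.hexdigest()
    return manifest

def diff_manifests(old, new):
    """Classify paths as added, changed or removed since the previous run."""
    return {
        "added": sorted(p for p in new if p not in old),
        "changed": sorted(p for p in new if p in old and old[p] != new[p]),
        "removed": sorted(p for p in old if p not in new),
    }

def clamscan(path):
    """Scan one file with ClamAV's clamscan (exit 0 = clean, 1 = signature match)."""
    if shutil.which("clamscan") is None:
        return "unscanned"  # ClamAV not installed on this host
    rc = subprocess.run(["clamscan", "--no-summary", path],
                        capture_output=True).returncode
    return {0: "clean", 1: "infected"}.get(rc, "error")

def check_site(root, state_file, scanner=clamscan):
    """Diff root against the saved manifest, scan new/changed files, save state."""
    old = {}
    if os.path.exists(state_file):
        with open(state_file) as fh:
            old = json.load(fh)
    new = fingerprint_tree(root)
    report = diff_manifests(old, new)
    report["verdicts"] = {p: scanner(os.path.join(root, p))
                          for p in report["added"] + report["changed"]}
    with open(state_file, "w") as fh:
        json.dump(new, fh, indent=2, sort_keys=True)
    return report

def marker_scanner(path):
    """Stand-in scanner for the demo: flags a constructed, harmless marker string."""
    with open(path, "rb") as fh:
        return "flagged" if b"CONSTRUCTED-TEST-MARKER" in fh.read() else "clean"

def demo():
    """Constructed site: a baseline run, then one page altered and one file added."""
    with tempfile.TemporaryDirectory() as tmp:
        root, state = os.path.join(tmp, "htdocs"), os.path.join(tmp, "manifest.json")
        os.makedirs(os.path.join(root, "downloads"))
        with open(os.path.join(root, "index.html"), "wb") as fh:
            fh.write(b"<html>hello</html>")
        first = check_site(root, state, marker_scanner)
        with open(os.path.join(root, "index.html"), "ab") as fh:
            fh.write(b"<!-- CONSTRUCTED-TEST-MARKER -->")
        with open(os.path.join(root, "downloads", "tool.bin"), "wb") as fh:
            fh.write(b"\x00\x01 harmless bytes")
        second = check_site(root, state, marker_scanner)
    return first, second

if __name__ == "__main__":
    for run in demo():
        print(json.dumps(run, indent=2))
```

The manifest is kept outside the scanned tree so it is never fingerprinted itself; any `added` or `changed` entry that no deployment explains is worth investigating even when the scanner verdict is clean.
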
    4. Re:the real story is .. by socreets · · Score: 1

      R/DNA viruses have adapted to their environment over time just like code viruses have but the question that begs to be asked is will the code virus's evolution be something benign like the common cold merely being a nuisance yet coexisting with us with minimal bad side effects or towards a more Ebola like form of virulence where the end result for all future encounters is the mutual annihilation of itself and its victim host.

    5. Re:the real story is .. by rs232 · · Score: 1

      "will the code virus's evolution be something benign like the common cold"

      To continue this analogy how about inoculating the system against future attacks. Create a processor that scrambles the microcode table. It has a run mode and an install mode. At install mode it scrambles the OP codes in the program to match the table. Any foreign code attempting to run is stopped dead in its tracks.

      Or how to fix Windows. Create an embedded OS that runs an emulator that provides API functions to the applications. That way dot.NET would still be able to run without the security lapses. Oh, I just remembered with Embedded Java we would have had a safe and secure Internet years ago if his billness hadn't sabotaged it on the PC.

      "Because you and most other dummies are using a highly insecure operating system" ,hritcu

      Not I, it's SuSE Linux. Personally I don't see Linux making the huge impact it deserves until the average dummy can walk into the high street shop and buy one.

      --
      davecb5620@gmail.com
  11. The linked article is just looking for ad revenue by Goldenhawk · · Score: 4, Informative

    This looks suspiciously like self-promotion, trying to win a few dollars from Google AdSense placement. Yes, folks, Google can be used to make money. Who woulda known?

    Skip the linked article and go straight to the source:
    http://www.pcworld.com/news/article/0,aid,126371,0 0.asp

    All the link does is duplicate the story summary, and then link to the PCWorld article.

    --
    --Brandon / Split Infinity Music

  12. Pardon me... by WhiteWolf666 · · Score: 3, Informative

    But doesn't Google reliably obey Robots.txt?

    Seems like a DotBomb business plan....

    --
    WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
  13. So... by multipartmixed · · Score: 4, Funny
    ...they are using the SOAP API to find virus-laden files.

    There's gotta be a joke in there somewhere..

    "In Soviet Russia, SOAP cleans your computer!"

    No wait.

    "I for one welcome our freshly-washed overlords!"

    Crap, that doesn't really work, either.

    "Let's pour hot SOAP down Natalie Portman's pants!"

    Hmm. I wouldn't mind doing that, but it's not particularly funny.

    "Netcraft confirms it, SOAP can eliminate viruses!"

    "Hey, Goatse man, did you lose this?"

    .....ah, SCREW it. I have better things to do with my time than to write comedy. Stephen King died today, and there are 300 victims of a Sri-Lankan Tsunami to worry about!

    --

    Do daemons dream of electric sleep()?
    1. Re:So... by UMNbandgeek · · Score: 1

      Snakes on a plane?

    2. Re:So... by Nodatadj · · Score: 1

      "I have better things to do with my time than to write comedy."

      Thank fuck for that...

    3. Re:So... by maxwell+demon · · Score: 1
      "In Soviet Russia, SOAP cleans your computer!"

      No wait.


      In Soviet Russia, SOAP cleans YOU!
      --
      The Tao of math: The numbers you can count are not the real numbers.
  14. Big Deal by tisme · · Score: 2, Funny

    Big Deal, I have figured out how to use Google to eliminate my need to excrete bodily solids or fluids.

    1. Re:Big Deal by Anonymous Coward · · Score: 0
      HA! I figured out how to use google to help me excrete certain bodily fluids!


      I'm not sure about solids, I guess some people must be into that kind of thing?


      Note: That was a rhetorical question, I don't really want to know.

  15. Don't see a problem by bostonsoxfan · · Score: 1

    I don't really see how this can be made to exploit code. It's a search for binary within a file. Within a file being the important phrase. I mean it could be code to hijack your computer but it won't run unless you download it. And I doubt mom and pop are using google search inside binary files ever. Hell I never heard of it before today. Those that use it probably are a bit OCD about protecting their computers.

  16. soon my children... by deamonpainter33 · · Score: 2, Funny

    google will be able to scan your bedroom and tell you if your environment will cause you cancer or not :P

    --
    "In the kingdom where everything dies, the sky is mortal."
    1. Re:soon my children... by Kadin2048 · · Score: 1

      google will be able to scan your bedroom and tell you if your environment will cause you cancer or not :P

      And the answer will always be "Yes."

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
    2. Re:soon my children... by AndreiK · · Score: 1
      bool roomClean()
      {
      /* This code copyright Google, and looking at this
      is a copyright violation. See you in court. */
      return false;
      }
  17. binary search? ..... oh, they meant binary search. by Anonymous Coward · · Score: 0, Funny

    Looking at the summary I thought to myself: "Hmmm....you can tell google to use plain old binary search? And...what makes the binary search algorithm so useful for finding websites hosting malware?"

  18. Google / Slashdot Duplicates by sugarmotor · · Score: 0, Redundant

    Would there be a way to avoid repeat Slashdot articles using Google?
    (Bonus points -- without using Google)

    Stephan

    --
    http://stephan.sugarmotor.org
  19. Note to the editors by Spackler · · Score: 5, Interesting

    Actually, a question:

    Editors: Do you read Slashdot?

    Sure, it's flamebait, but this is a joke sometimes.

  20. The real Gem by business_kid · · Score: 1

    This is good news. The real gem that nobody seems to have commented on is google's bots which allow them to list the contents of a site automagically. I presume they have tacked Webenese onto them and watched the stats.

    It could be a real boon once it translates into search warnings. But I can see some nasty trouble ahead with False Negatives and False Positives once everybody making spyware/malware/adware/viruses/worms starts reacting to this new threat to their existence. If google decided my clever line of flash was an executable ...

    Thank goodness none of this really matters when you browse under linux.

  21. It started with our abuse of the word "computer" by jdbartlett · · Score: 2, Funny

    I agree. I think we need to introduce more orthogonal terminology.

  22. Perhaps this would make a good tool: by Tavor · · Score: 1

    A database of sites compromised, using this binary Google scanner, to keep an accurate up-to-date record. Plug that record into a Firefox plugin, that will show if the website has been compromised in any way.

    (My apologies if this doesn't make much sense, I just had wisdom teeth dug out of my skull, and I'm on lortabs.)

    --
    Windows has detected an undetectable error.
    1. Re:Perhaps this would make a good tool: by Anonymous Coward · · Score: 0

      There's a delay between the site going up and Google scanning it (along with the robots.txt problem someone mentioned).

      If you have a bunch of binary strings that identify malware, just plug them straight in to a Firefox plugin, and have it refuse to download anything containing those strings.

      No need to have Google in the loop at all.

  23. Re:It started with our abuse of the word "computer by jc42 · · Score: 2, Informative

    My wife likes to tell people that her first job title was "computer". That was back around 1970, when she got a job at a New York state surveyor's office. Her job was to do calculations required in surveying. She used several gadgets to assist in most of the calculations, of course, and those gadgets were called "calculators". Then for inexplicable reasons her job title got applied to some of the fancier calculators, so they had to change the job title to avoid the obvious confusion.

    The definition of "computer" is a bit odd. Technically it's defined as a device that stores its software in the same memory as its data. The definition doesn't actually require that it "compute" anything, though of course if it doesn't, its software is a bit pointless. But this sort of definition came about because the first programmable computing devices used different kinds of hardware to store data and programs. The idea of storing programs in writable memory was a major technical advance back in the 1940s, making it possible to write programs that manipulated other programs. This turned out to be such an important innovation that the resulting "stored-program calculators" were treated as an entirely new kind of beast, sufficiently different that a new name was needed for them.

    There was a book on the topic published recently, called "When Computers Were Women".

    --
    Those who do study history are doomed to stand helplessly by while everyone else repeats it.
  24. sigh... by djupedal · · Score: 1

    "Could this binary search feature also be used to exploit Google and trick users into downloading malware?"

    OK, who disabled my CbN filter?

    'Could an empty coke can can be used to exploit hungry bears and trick them into drinking week old urine?'

    And please stop telling the idiot that it is ok to look, act, talk and otherwise communicate like an idiot in public...

  25. Re:It started with our abuse of the word "computer by Anonymous Coward · · Score: 0

    There was a book on the topic published recently, called "When Computers Were Women".

    For most of us, they still are.

  26. Re:It started with our abuse of the word "computer by jdbartlett · · Score: 1

    Actually, the definition of "computer" is a bit more complicated than that. Your definition is certainly descriptive of its modern use (especially if by "technically" you mean "in terms of modern technology"), but the word's history reveals something more.

    Like most English words, it has Latin origins: computo/computare. Broken down, this basically translates to "calculate/reckon/sum".

    To save all this confusion, I propose we use the word "bitswitcher". As in, "I need to upgrade my Personal Bitswitcher."

  27. 2 can play that game sir by Anonymous Coward · · Score: 0

    They're similar to the .com files on one of your operating systems, only newer

  28. How dare you! by Anonymous Coward · · Score: 0

    The language of my ancestors is "Webinese", you insensitive clod!

  29. Easy to find... by Brown · · Score: 1

    Just google for it!

  30. Re:It started with our abuse of the word "computer by jc42 · · Score: 1

    I propose we use the word "bitswitcher".

    I'd suggest something like "bitmuncher". ;-)

    --
    Those who do study history are doomed to stand helplessly by while everyone else repeats it.
  31. Google used by spammers by Anonymous Coward · · Score: 0

    I've seen several spam/phishing emails recently where the URL went through Google - looked like some obscure result set with an IP address in the middle (obviously the payload's home address). Doesn't that make Google kinda sue-able and party to their crime...? Oh shit, Google's stock cratered a mere 8 seconds after I hit [Ok] on this posting.

  32. Re:It started with our abuse of the word "computer by jdbartlett · · Score: 1

    Only if you use a striped array.

  33. nice by Anonymous Coward · · Score: 0

    nice one thanks :)
    http://www.secgeeks.com/