Slashdot Mirror

← Back to Stories (view on slashdot.org)

Software Turns Google into a Virus Scanner

Posted by ryuzaki0 on from the safe-to-click dept.

Kfleming writes "Websense, a security vendor, has developed software that uses a binary search feature built into Google to hunt down malware. Using this technique researchers at Websense have uncovered over 2,000 websites hosting malware, and are also able to detect legitimate sites that have been hacked. Could this binary search feature also be used to exploit Google and trick users into downloading malware?"

27 of 72 comments (clear)

  1. what a good idea by gEvil+(beta) · · Score: 5, Funny

    You don't say?

    --
    This guy's the limit!
    1. Re:what a good idea by mgblst · · Score: 3, Funny

      et tu, cowboyneal?

    2. Re:what a good idea by bunratty · · Score: 2, Funny

      Slashdot should use Google search to find duplicate articles.

      --
      What a fool believes, he sees, no wise man has the power to reason away.
  2. For his next project... by Ariane+6 · · Score: 5, Funny

    He plans on using Google as an means to track down dupes on Slashdot!

    1. Re:For his next project... by gatzke · · Score: 2, Interesting

      And then use google to automatically find highly rated comments from the previous dupe and post them automagically to karma whore on /.

      Speaking of automatic, could someone develop coordinated automatic scripts to take over digg? If they vote on front page stories, how many zombie clients would it take to push your stupid story or slashvertisement to their page or maybe make a couple stories dupe or trupe. I think I read they do have some sort of uber editor that does promote and kill stories, so it is not total control...

  3. interesting ... by Anonymous Coward · · Score: 5, Funny

    What is this google and where can i download it?

    -Sj53

  4. URL Turns google into a dupe-checker by rylin · · Score: 4, Funny

    URL Turns google into a dupe-checker

  5. Malware by the+linux+geek · · Score: 4, Insightful

    Something that these 'security experts' seem to not understand is that the average user is ignorant of how computers/software work. Most users can't even be bothered to set up a password for their root/admin account. No amount of clever software is going to truly prevent the average user from loading his machine up with some form of malware. A step in the right direction would be simple things, like running as a non-root user by default.

    1. Re:Malware by Data+Link+Layer · · Score: 2, Insightful

      Thats a windows thing. Hopefully when they finally ship vista they will have a good user privilage system. A much better system compared tto beta 2 where you need to go through like seven steps just to delete a file.

    2. Re:Malware by postmortem · · Score: 2, Insightful

      Well not only that, but average user has a need to install more or less- malware. The trash software industry that makes junk loaded with spuyware addware and other poorly written software, targets averageuser, not the experts. The amount of software today created, and used in world requires that main user of computer uses his root account at least sparingly. However, I see the problem of user ignorance as a problem that is not necessarily unsolvable. It is that unsafe practices of its users create additional challenge for defensive software developers that has to be taken into account. For example, see how Unix systems perform well security-wise even without anti-virus software. It is that Microsoft hasn't taken this into account when designing Windows 2000 and XP.

  6. "Binary search" ?! by shreevatsa · · Score: 5, Informative

    Not only is this a dupe, it is also confusing that they use "binary search" to mean "searching inside binary files", and not binary search in its usual sense .

    1. Re:"Binary search" ?! by jc42 · · Score: 2, Interesting

      [I]t is also confusing that they use "binary search" to mean "searching inside binary files", and not binary search in its usual sense.

      Come now, my good fellow; surely you don't expect computer people to start to honor precedence in their terminology. Why, that would be, uh, I think the word is "unprecedented".

      We computer geeks have a long tradition of taking someone else's terminology and recycling it with meanings at odds with the earlier use. And in this case, the writer(s) probably thought they were inventing a new phrase. Chances are that they've never heard of binary trees, much less anything to do with using them for sorting and searching.

      --
      Those who do study history are doomed to stand helplessly by while everyone else repeats it.
  7. What are they talking about? by Anonymous Coward · · Score: 3, Funny

    What is a *.exe? Never seen that kind of file on any of my three operating systems. Good, one thing less to worry about.

    ... you dupe stories, I dupe replies.

  8. the real story is .. by rs232 · · Score: 4, Insightful

    The real story is why are we still getting 'Internet viruses' in the latter half of 2006 and why don't these 'security vendors' produce a soluton to the problem.

    --
    davecb5620@gmail.com
    1. Re:the real story is .. by kassemi · · Score: 2, Insightful

      Simply stated, because the existence of this issue is highly profitable.

      --
      What the hell's a "gewie?"
    2. Re:the real story is .. by budgenator · · Score: 2, Interesting
      Websense has stated they do not plan to make the code public at this time and only plan to share it with a select group of researchers

      ok so if I
      1. set up a honeypot account at yahoo and get a bunch of spam in it,
      2. scan it for viruses, if viral save a copy on a linux box,
      3. look at it with a hex editor and pick out some ascii strings,
      4. google the web for the strings inside the virus,
      then appearently I'm using some uber-secret technic that only the elite security professionals should know.

      OK so here is now the $25,000.00 question,
      Given that google crawls the web, and it crawls the web by following publicly visable links, wouldn't how the google spiders got to the viral binary through the links, be much more interesting than the fact that the virus was there?

      If you have a website, how hard would it be to write a perl script that crawls the site via the FTP, fingerprints the files, remembers which files have changed and feeds any files that did through clamAV; seems pretty simple to me.
      --
      Apocalypse Cancelled, Sorry, No Ticket Refunds
  9. The linked article is just looking for ad revenue by Goldenhawk · · Score: 4, Informative

    This looks suspiciously like self-promotion, trying to win a few dollars from Google AdSense placement. Yes, folks, Google can be used to make money. Who woulda known?

    Skip the linked article and go straight to the source:
    http://www.pcworld.com/news/article/0,aid,126371,0 0.asp

    All the link does is duplicate the story summary, and then link to the PCWorld article.

    --
    --Brandon / Split Infinity Music

  10. Pardon me... by WhiteWolf666 · · Score: 3, Informative

    But doesn't Google reliable obey Robots.txt ?

    Seems like a DotBomb business plan....

    --
    WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
  11. Re:What about dups? by Anonymous Coward · · Score: 3, Funny

    This is an outrage! Slashdot is an honorable and journalistically competent online-newspaper. There are no "dupes" here; it's all in your head.

    Fucking un-American commie, offending our good god-loving, hard working editors.

    I will see that your whole internet will be banned.

  12. Re:What about dups? by Guppy06 · · Score: 2, Funny

    Yeah, they'll implement that right after they add spell-check.

    Let me introduce you to my friend, the Silent E!

  13. So... by multipartmixed · · Score: 4, Funny
    ...they are using the SOAP API to find virus-laden files.

    Theres gotta be a joke in there somewhere..

    "In Soviet Russia, SOAP cleans your computer!"

    No wait.

    "I for one welcome our freshly-washed overlords!"

    Crap, that doesn't really work, either.

    "Let's pour hot SOAP down Natalie Portman's pants!"

    Hmm. I wouldn't mind doing that, but it's not particularly funny.

    "Netcraft confirms it, SOAP can eliminate viruses!"

    "Hey, Goatse man, did you lose this?"

    .....ah, SCREW it. I have better things to with my time than to write comedy. Stephen King died today, and there are 300 victims of a Sri-Lankan Tsunami to worry about!

    --

    Do daemons dream of electric sleep()?
  14. Big Deal by tisme · · Score: 2, Funny

    Big Deal, I have figured out how to use Google to eliminate my need to excrete bodily solids or fluids.

  15. Re:What about dups? by bostonsoxfan · · Score: 4, Funny

    Well if you put enough stuff on the internets the tubes will get clogged and you won't get your internets till today (Which was sent out three days ago of course.)

  16. soon my children... by deamonpainter33 · · Score: 2, Funny

    google will be able to scan your bedroom and tell you if your enviornment will cause you cancer or not :P

    --
    "In the kingdom where everything dies, the sky is mortal."
  17. Note to the editors by Spackler · · Score: 5, Interesting

    Actually, a question:

    Editors: Do you read Slashdot?

    Sure, its flamebait, but this is a joke sometimes.

  18. It started with our abuse of the word "computer" by jdbartlett · · Score: 2, Funny

    I agree. I think we need to introduce more orthogonal terminology.

  19. Re:It started with our abuse of the word "computer by jc42 · · Score: 2, Informative

    My wife likes to tell people that her first job title was "computer". That was back around 1970, when she got a job at a New York state surveyor's office. Her job was to do calculations required in surveying. She used several gadgets to assist in most of the calculations, of course, and those gadgets were called "calculators". Then for inexplicable reasons her job title got applied to some of the fancier calculators, so they had to change the job title to avoid the obvious confusion.

    The defiition of "computer" is a bit odd. Technically it's defined as a device that stores its software in the same memory as its data. The definition doesn't actually require that it "compute" anything, though of course if it doesn't, its software is a bit pointless. But this sort of definition came about because the first programmable computing devices used different kinds of hardware to store data and programs. The idea of storing programs in writable memory was a major technical advance back in the 1940s, making it possible to write programs that manipulated other programs. This turned out to be such an important innovation that the resulting "stored-program calculators" were treated as an entirely new kind of beast, sufficiently different that a new name was needed for them.

    There was a book on the topic published recently, called "When Computers Were Women".

    --
    Those who do study history are doomed to stand helplessly by while everyone else repeats it.