Open Source Malware Search Engine
chr0.ot writes "Metasploit creator HD Moore has released an open-source search engine that finds live malware samples through Google queries. From the article: 'The new Malware Search project provides a Web interface that allows anyone to enter the name of a known virus or Trojan and find Google results for Web sites hosting malicious executables.' The tool then searches for actual malware signatures and uses the signature output from ClamAV to find the name of the malware. This is then used in conjunction with a PE signature matching method to form a Google query. Afterwards the malware can then be downloaded directly from Google."
Netsense search isn't open source, as is pointed out in the article.
Also, this program supposedly highlights how relatively little malware Google actually indexes, contrary to the two earlier articles you cite. Thus this is an additional development, not a dupe.
HD acknowledges that is where he got the idea. The point of his release is that it is open source and available to anyone, unlike the Websense version.
Sorry Google can't do it, McAfee already bought that startup - http://www.siteadvisor.com/.
How can an article whose content says the earlier article was bogus be a dupe of the earlier article?
How can the initial announcement of a freely available tool be a dupe of the announcement of something that is not for public release?
Conclusion: there are a lot of idjits on Slashdot who have learned to waggle their fingers on the keyboard and therefore think they are clever. Oh so clever.
Slashdot has become the proving ground for kids who wanna grow up to be one of the million monkeys...
You really should try the excellent ProcessExplorer from SysInternals.
factor 966971: 966971
I just bought a new PC, and I have no viruses yet.
How do you know?
How could he know?
Death and danger are my various breads and various butters.
Actually, no it isn't. Although morons who don't read the full article might think it was.
The previous stories (http://it.slashdot.org/article.pl?sid=06/07/15/1253240 and http://it.slashdot.org/article.pl?sid=06/07/11/131220) were referring to another security research co who did something similar and then refused to share it.
This story is about someone not liking that they won't share, going a little bit further than they did and then putting it on a website and enabling it to the full.
I looked at the previous (Websense) story on Friday or whenever but found it a little annoying that there was nothing to back up the article. This time someone has actually posted a working link to a project and source code.
I don't read