|Using Google's Binary Search To Find Malware|
...pays to do that search before doing that download
Eweek and ComputerWorld Article:
|Dan Hubbard, senior director of security and technology research at the San Diego-based Web filtering software firm, said the use of the Google API started as an experiment after bloggers noticed that some Google search queries were returning .exe files. |
When Google indexes an executable file, Hubbard's research team found, the search engine parses the PE (Portable Executable) file format of the Windows executable. This means that queries can be written to extract items from the internals of the binary.
|By taking advantage Google's binary search capability, Websense has created new software tools that can sniff out malware using the popular search engine. Websense researchers Googled for strings that were used in known malware like the Bagel and Mytob worms and have uncovered about 2,000 malicious web sites over the past month, according to Dan Hubbard, senior director of security and research with Websense. |
|Security experts have found thousands of worms, trojans and malicious files all over the internet, by using the Google search engine. |
Google search finds widespread malicious code [computerweekly.com]
It's a good reminder to check files before you download them.
What I have seen is clicking a link is all you need to do to download this stuff as I posted here
Now I hold the cursor over the link first to see what it actually goes to.
If you are running wintel, especially XP, I've had real good luck with running as a limited user instead of an administrator. One of my machines is always logged on as a limited user. If I have any doubts at all about a site, I hit it from that machine.
When you run as a limited user, any malicious software might get downloaded but windoze doesn't give it the rights to install itself.
One problem is that one of the major antivirus apps doesn't like to run on machines with limited users. It will give you all kinds of errors. Their tech support's answer is 'run as an admin'. Yeah, and I'll put pennies in my fusebox.
Anyway, fwiw, I've found the limited user accounts to be **almost** (nothing is ever perfect) impervious to attack
Of course, especially if you are looking for something that Google really should not index, like warez.
You would think that they would be able to check for this and ban the sites?
If they actively look, then they begin to shoulder some of the liability of not removing ALL cases.
Would they have to tell us that they look?
A recent study found much higher % of malware on sponsored listings (in general),than organic listings.
SE's could do a better job of policing their ads.
A very cool usage of Google. I think we often forget that google indexes alot of binaries and searching on embedded strings can pop up alot of stuff. There are numerous seo applications here ;-)
New Phish email. First time one uses Gmail as the conduit:
|Websense Security Labs that investigates Internet threats has reported of an advanced phishing attack on the Google pages. The latest alert mentions that users are being shown a spoofed copy of the Gmail login page with a message claiming, "You WON $500.00!" |
nice try. anybody here has won 1.000.000 $ - just send me a small handling fee of 156$ so I can send you the money.
Do you really think somebody was smart enough to cough up those $8.70?