Welcome to WebmasterWorld Guest from 188.8.131.52
Dan Hubbard, senior director of security and technology research at the San Diego-based Web filtering software firm, said the use of the Google API started as an experiment after bloggers noticed that some Google search queries were returning .exe files.
When Google indexes an executable file, Hubbard's research team found, the search engine parses the PE (Portable Executable) file format of the Windows executable. This means that queries can be written to extract items from the internals of the binary.
By taking advantage Google's binary search capability, Websense has created new software tools that can sniff out malware using the popular search engine. Websense researchers Googled for strings that were used in known malware like the Bagel and Mytob worms and have uncovered about 2,000 malicious web sites over the past month, according to Dan Hubbard, senior director of security and research with Websense.
Security experts have found thousands of worms, trojans and malicious files all over the internet, by using the Google search engine.
Google search finds widespread malicious code [computerweekly.com]
It's a good reminder to check files before you download them.
When you run as a limited user, any malicious software might get downloaded but windoze doesn't give it the rights to install itself.
One problem is that one of the major antivirus apps doesn't like to run on machines with limited users. It will give you all kinds of errors. Their tech support's answer is 'run as an admin'. Yeah, and I'll put pennies in my fusebox.
Anyway, fwiw, I've found the limited user accounts to be **almost** (nothing is ever perfect) impervious to attack
Websense Security Labs that investigates Internet threats has reported of an advanced phishing attack on the Google pages. The latest alert mentions that users are being shown a spoofed copy of the Gmail login page with a message claiming, "You WON $500.00!"