Welcome to WebmasterWorld Guest from 54.167.185.18

Message Too Old, No Replies

Using Google's Binary Search To Find Malware

...pays to do that search before doing that download

   
2:10 pm on Jul 10, 2006 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



Eweek and ComputerWorld Article:
[eweek.com...]

Dan Hubbard, senior director of security and technology research at the San Diego-based Web filtering software firm, said the use of the Google API started as an experiment after bloggers noticed that some Google search queries were returning .exe files.

When Google indexes an executable file, Hubbard's research team found, the search engine parses the PE (Portable Executable) file format of the Windows executable. This means that queries can be written to extract items from the internals of the binary.

[computerworld.co.nz...]

By taking advantage Google's binary search capability, Websense has created new software tools that can sniff out malware using the popular search engine. Websense researchers Googled for strings that were used in known malware like the Bagel and Mytob worms and have uncovered about 2,000 malicious web sites over the past month, according to Dan Hubbard, senior director of security and research with Websense.

Security experts have found thousands of worms, trojans and malicious files all over the internet, by using the Google search engine.

Google search finds widespread malicious code [computerweekly.com]

It's a good reminder to check files before you download them.

3:14 pm on Jul 10, 2006 (gmt 0)

WebmasterWorld Senior Member bwnbwn is a WebmasterWorld Top Contributor of All Time 5+ Year Member



engine
What I have seen is clicking a link is all you need to do to download this stuff as I posted here
[webmasterworld.com...]
Now I hold the cursor over the link first to see what it actually goes to.
3:19 pm on Jul 10, 2006 (gmt 0)

10+ Year Member



If you are running wintel, especially XP, I've had real good luck with running as a limited user instead of an administrator. One of my machines is always logged on as a limited user. If I have any doubts at all about a site, I hit it from that machine.

When you run as a limited user, any malicious software might get downloaded but windoze doesn't give it the rights to install itself.

One problem is that one of the major antivirus apps doesn't like to run on machines with limited users. It will give you all kinds of errors. Their tech support's answer is 'run as an admin'. Yeah, and I'll put pennies in my fusebox.

Anyway, fwiw, I've found the limited user accounts to be **almost** (nothing is ever perfect) impervious to attack

Chris

3:24 pm on Jul 10, 2006 (gmt 0)

10+ Year Member



Of course, especially if you are looking for something that Google really should not index, like warez.
4:54 pm on Jul 10, 2006 (gmt 0)

WebmasterWorld Senior Member beedeedubbleu is a WebmasterWorld Top Contributor of All Time 10+ Year Member



You would think that they would be able to check for this and ban the sites?
6:03 pm on Jul 10, 2006 (gmt 0)

10+ Year Member



If they actively look, then they begin to shoulder some of the liability of not removing ALL cases.
7:54 pm on Jul 10, 2006 (gmt 0)

WebmasterWorld Senior Member beedeedubbleu is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Would they have to tell us that they look?
11:32 pm on Jul 10, 2006 (gmt 0)

5+ Year Member



A recent study found much higher % of malware on sponsored listings (in general),than organic listings.
SE's could do a better job of policing their ads.
2:43 am on Jul 11, 2006 (gmt 0)

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



A very cool usage of Google. I think we often forget that google indexes alot of binaries and searching on embedded strings can pop up alot of stuff. There are numerous seo applications here ;-)
2:23 pm on Jul 11, 2006 (gmt 0)

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



New Phish email. First time one uses Gmail as the conduit:

[ciol.com...]

Websense Security Labs that investigates Internet threats has reported of an advanced phishing attack on the Google pages. The latest alert mentions that users are being shown a spoofed copy of the Gmail login page with a message claiming, "You WON $500.00!"
3:14 pm on Jul 11, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You WON $500.00!

nice try. anybody here has won 1.000.000 $ - just send me a small handling fee of 156$ so I can send you the money.

Do you really think somebody was smart enough to cough up those $8.70?