Using Google's Binary Search To Find Malware

...pays to do that search before doing that download

     
2:10 pm on Jul 10, 2006 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:22709
votes: 288


Eweek and ComputerWorld Article:
[eweek.com...]

Dan Hubbard, senior director of security and technology research at the San Diego-based Web filtering software firm, said the use of the Google API started as an experiment after bloggers noticed that some Google search queries were returning .exe files.

When Google indexes an executable file, Hubbard's research team found, the search engine parses the PE (Portable Executable) file format of the Windows executable. This means that queries can be written to extract items from the internals of the binary.

[computerworld.co.nz...]

By taking advantage of Google's binary search capability, Websense has created new software tools that can sniff out malware using the popular search engine. Websense researchers Googled for strings that were used in known malware like the Bagel and Mytob worms and have uncovered about 2,000 malicious web sites over the past month, according to Dan Hubbard, senior director of security and research with Websense.

Security experts have found thousands of worms, trojans and malicious files all over the internet, by using the Google search engine.

Google search finds widespread malicious code [computerweekly.com]

It's a good reminder to check files before you download them.
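As an added illustration (not part of the original post or the quoted articles), here is the kind of PE parsing described above, applied locally to check a file before running it. It walks the DOS header, PE signature, COFF header and section table, then searches each section's printable strings for indicator strings; the sample image, the marker string and the function names are constructed for this example.

```python
import re
import struct

def parse_pe(data: bytes) -> dict:
    """Return COFF header fields and the raw bytes of each section."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image (missing MZ)")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of PE header
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size  # section table follows optional header
    sections = []
    for i in range(nsect):
        off = table + 40 * i  # each section header is 40 bytes
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "raw": data[raw_ptr:raw_ptr + raw_size]})
    return {"machine": machine, "timestamp": stamp, "sections": sections}

def ascii_strings(blob: bytes, min_len: int = 5) -> list:
    """Printable ASCII runs of at least min_len bytes."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, blob)]

def match_indicators(data: bytes, indicators: list) -> dict:
    """Map section name -> indicator strings found in that section."""
    hits = {}
    for sec in parse_pe(data)["sections"]:
        strings = ascii_strings(sec["raw"])
        found = sorted({i for i in indicators for s in strings if i in s})
        if found:
            hits[sec["name"]] = found
    return hits

def build_sample() -> bytes:
    """Constructed minimal PE-like image with one .data section."""
    payload = b"\x90\x00EXAMPLE-MARKER-STRING\x00\x01\x02hello\x00"
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0x44B25C00, 0, 0, 0, 0x0102)
    sect = struct.pack("<8sIIIIIIHHI", b".data", len(payload), 0x1000,
                       len(payload), 128, 0, 0, 0, 0, 0xC0000040)
    return dos + b"PE\0\0" + coff + sect + payload

if __name__ == "__main__":
    print(match_indicators(build_sample(), ["EXAMPLE-MARKER", "absent"]))
```
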

3:14 pm on July 10, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member bwnbwn is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 25, 2005
posts:3492
votes: 3


engine
What I have seen is clicking a link is all you need to do to download this stuff as I posted here
[webmasterworld.com...]
Now I hold the cursor over the link first to see what it actually goes to.
3:19 pm on July 10, 2006 (gmt 0)

Preferred Member from US 

10+ Year Member

joined:May 6, 2004
posts:650
votes: 0


If you are running wintel, especially XP, I've had real good luck with running as a limited user instead of an administrator. One of my machines is always logged on as a limited user. If I have any doubts at all about a site, I hit it from that machine.

When you run as a limited user, any malicious software might get downloaded but windoze doesn't give it the rights to install itself.

One problem is that one of the major antivirus apps doesn't like to run on machines with limited users. It will give you all kinds of errors. Their tech support's answer is 'run as an admin'. Yeah, and I'll put pennies in my fusebox.

Anyway, fwiw, I've found the limited user accounts to be **almost** (nothing is ever perfect) impervious to attack.

Chris

3:24 pm on July 10, 2006 (gmt 0)

Junior Member from US 

10+ Year Member

joined:Mar 26, 2005
posts:81
votes: 0


Of course, especially if you are looking for something that Google really should not index, like warez.
4:54 pm on July 10, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member beedeedubbleu is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Feb 3, 2004
posts:6102
votes: 6


You would think that they would be able to check for this and ban the sites?
6:03 pm on July 10, 2006 (gmt 0)

Full Member

10+ Year Member

joined:Mar 23, 2005
posts:331
votes: 0


If they actively look, then they begin to shoulder some of the liability of not removing ALL cases.
7:54 pm on July 10, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member beedeedubbleu is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Feb 3, 2004
posts:6102
votes: 6


Would they have to tell us that they look?
11:32 pm on July 10, 2006 (gmt 0)

Full Member

10+ Year Member

joined:Nov 12, 2005
posts:227
votes: 0


A recent study found a much higher % of malware on sponsored listings (in general), than organic listings.
SE's could do a better job of policing their ads.
2:43 am on July 11, 2006 (gmt 0)

Administrator from US 

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 21, 1999
posts:38057
votes: 12


A very cool usage of Google. I think we often forget that Google indexes a lot of binaries and searching on embedded strings can pop up a lot of stuff. There are numerous seo applications here ;-)
2:23 pm on July 11, 2006 (gmt 0)

Administrator from US 

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 21, 1999
posts:38057
votes: 12


New Phish email. First time one uses Gmail as the conduit:

[ciol.com...]

Websense Security Labs, which investigates Internet threats, has reported an advanced phishing attack on the Google pages. The latest alert mentions that users are being shown a spoofed copy of the Gmail login page with a message claiming, "You WON $500.00!"
3:14 pm on July 11, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 29, 2003
posts:790
votes: 0


You WON $500.00!

nice try. anybody here has won 1.000.000 $ - just send me a small handling fee of 156$ so I can send you the money.

Do you really think somebody was smart enough to cough up those $8.70?

 
