Researcher posts Google-based malware search tool

Security researcher HD Moore has released a tool that can find malware using Google's search engine.

A well-known security researcher has released code that can be used to mine Google's database for malicious software.

The tool is similar to one that Web filtering vendor Websense developed last week but did not release to the general public. Websense said that making this software public could lead to its being misused by attackers.

Using a database of digital fingerprints of known malware -- called "signatures" -- the Malware Search tool uses the popular search engine to find a number of known worms and viruses. It was developed by HD Moore, the researcher best known as the developer of the widely used Metasploit hacking tool. Moore's tool, which was posted early Monday, can be found here.

Though Google is widely used to search the Internet for Web pages and office documents, the search engine also can peek through the binary information stored in the normally unreadable executable (.exe) files that are run by Windows computers. Google won't say when it added this feature, but it has gained the attention of security researchers over the past three months.

Moore built his tool to help shed some light on how much malware was actually being indexed by Google, he said. His findings: not much.

When the security researcher examined a sample of about 4G bytes of executable code, he found that very few of the programs were malicious. "You can search for malware, but it's not a big risk," he said.

Of the approximately 2,400 samples he examined, 125 contained malware. More than 90 of these popped up as part of malicious e-mail messages stored in online e-mail archives. The rest of the samples came from Web sites that were actively distributing malware.

So any attacker who might be looking to find new sources of malware using Moore's tool will probably be disappointed.

"Attackers have much better sources of malware and the items in the Google index are not recent or useful," he said. "If anything, the Google index is a great tool for determining who distributes malware -- the actual malware in question is not that interesting."

Though some have speculated that Google's ability to search through executable files might allow it to create its own shareware and freeware search service, Moore said that Google has not yet indexed enough files for this to be useful.

Three months ago, Google had indexed about 30,000 executable files. That number has now risen to about 112,000 samples, he said.

"Considering that they're Google, you'd expect better results," Moore said. "If they could grow their index of executables to some sort of useful amount, then this would be really useful."

However, without some way of weeding out malicious software, this kind of service could be misused by attackers to trick users into downloading worms or viruses masquerading as legitimate downloads, Moore said.

Google declined to comment for this article except to say that it is aware that users can find malicious executables via its search engine, and is making an effort to shield users from this code.

Robert McMillan

IDG News Service