Using Google to find hacked sites…
The July 17th issue of eWeek discusses a new tool by Websense Security Labs. This tool integrates with the Google API to query the Google index for malicious software in sites of interest.
An interesting idea. Apparently, Google will index anything on a site, including executables. With executables, at least with Windows PE format EXEs, it indexes the ASCII strings from the executable.
You can, then, search for malware provided you know what the ASCII strings are within the executable. Websense must be updating some type of definition file with strings known to be in malware.
Naturally, if a hacker finds sites that are infected, they can use those sites as repositories, remotely accessing the file without needing to host it on a site that can be easily traced to them.
Has anyone had success querying Google for any infected sites?
For more information, see Websense: http://www.websense.com/global/en/
Bill
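The string matching described above can be run locally against your own web root to spot executables an indexer would see. This is an added example, not part of the original post and not Websense's code; the definition strings, family names and helper names are constructed placeholders.

```python
import os
import re

# Hypothetical definition file: strings assumed to occur in known-bad samples.
# Constructed placeholders, not real indicators.
DEFINITIONS = {
    "example-family-a": ["EXAMPLE_BAD_MUTEX_01", "example-c2.invalid"],
    "example-family-b": ["ExampleDropperBanner"],
}
# Printable ASCII runs of 4+ bytes, the same default as strings(1).
ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")

def is_pe(data):
    """True if data has an MZ header whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    off = int.from_bytes(data[0x3C:0x40], "little")
    return data[off:off + 4] == b"PE\x00\x00"

def ascii_strings(data):
    """Extract the ASCII strings a text indexer could pull from a binary."""
    return [m.group().decode("ascii") for m in ASCII_RUN.finditer(data)]

def match_definitions(data, definitions=DEFINITIONS):
    """Return {family: [matched strings]} for a PE file, {} for anything else."""
    if not is_pe(data):
        return {}
    found = ascii_strings(data)
    hits = {}
    for family, needles in definitions.items():
        matched = [n for n in needles if any(n in s for s in found)]
        if matched:
            hits[family] = matched
    return hits

def scan_tree(root):
    """Walk a local web root and report every PE file that matches a definition."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                hits = match_definitions(fh.read())
            if hits:
                report[path] = hits
    return report

def build_sample(payload):
    """Constructed PE-like buffer: MZ header, e_lfanew=0x40, PE signature, payload."""
    header = b"MZ" + b"\x00" * 0x3A + (0x40).to_bytes(4, "little")
    return header + b"PE\x00\x00" + b"\x00" * 16 + payload
```

Files are matched on content rather than extension, so a PE uploaded under a `.jpg` or `.txt` name is still reported.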