RealTime IT News

Google Hacking Malicious Code

Security researcher H.D. Moore has released a new malware search engine and its underlying code to help searchers find malware code that Google has indexed.

But Google isn't exactly happy about it.

Moore, who co-authored the Metasploit Framework, a platform for testing and developing exploit code, also launched his Month of Browser Bugs (MoBB) project, which is disclosing a new browser vulnerability every day this month.

In addition to publicly posting the new malware search engine, Moore has posted the source code behind the engine in three segments: the Malware Signature Generator; the Malware Google API Signature Search; and the Malware Downloader.

All three have been released under the open source GPL license and have been written in Ruby.

Moore's Malware search engine is hardly the first effort at what is commonly referred to as "Google Hacking."

Earlier this month, security firm WebSense rolled out a similar effort, which Moore actually credits in his release, since WebSense, Moore said, refused to share the source code.

Application security vendor Fortify reported this week that 20 percent to 30 percent of the attacks it recorded as part of a six-month study came as a result of some form of search engine hacking.

Google is not particularly enamored of efforts to use its index for malicious gain.

"As part of Google's efforts to index all of the information online we find that on occasion malicious executable files become available to users through Google Web search," Megan Quinn, a Google spokeswoman, told internetnews.com. "We deplore these malicious efforts to violate our users' security.

"When possible, we endeavor to shield our users from these executable files," Quinn added. "However, we always encourage users to keep their security software up-to-date to ensure the safest Web surfing experience."

Moore expects Google to take some action to prevent exploitation.

"My bet is on Google deleting all binary files from their index or simply not indexing any new ones," Moore told internetnews.com.

In a typical open source project, issues such as maintenance and external contributions eventually arise, though Moore doesn't think that will happen with the malware search project.

"I can't imagine that the project will last long enough for the issue of maintenance to come up."