Google Hacking Malicious Code


Security researcher H.D. Moore has released a new malware search engine and its underlying code to help searchers find malware code that Google has indexed.

But Google isn’t exactly happy about it.


Moore who co-authored the Metasploit Framework, a platform for testing and developing exploit code, also launched his Month of Browser Bugs (MoBB) project, which is disclosing a new browser vulnerability every day this month.


In addition to publicly posting the new malware search engine, Moore has posted the source code behind the engine in three segments: the Malware
Signature Generator; the Malware Google API Signature Search; and the Malware
Downloader.

All three have been released under the open source GPL license and have been written in Ruby .


Moore’s Malware search engine is hardly the first effort at what is commonly
referred to as “Google Hacking.”


Earlier this month, security firm WebSense rolled out a similar effort, which
Moore actually credits in his release, since WebSense, Moore said, refused to share the source code.


Application security vendor Fortify reported
this week that 20 percent to 30
percent of the attacks it recorded as part of a six-month study came as a
result of some form of search engine hacking.


Google is not particularly enamored by efforts to use its
index for malicious gain.


“As part of Google’s efforts to index all of the information online we find
that on occasion malicious executable files become available to users
through Google Web search,” Megan Quinn, a Google spokeswoman, told
internetnews.com. “We deplore these malicious efforts to violate our
users’ security.


“When possible, we endeavor to shield our users from these executable
files,” Quinn added. “However we always encourage users to keep their
security software up-to-date to ensure the safest Web surfing experience.”


Moore expects Google to take some action to prevent
exploitation.


“My bet is on Google deleting all binary files from their index or simply
not indexing any new ones,” Moore told internetnews.com.


In a typical open source project, issues such as maintenance and external
contributions eventually arise, though Moore doesn’t think that will
happen with the malware search project.


“I can’t imagine that the project will last long enough for the issue of
maintenance to come up.”

News Around the Web