Websense Mines for Malicious Code with Google

By Ryan Naraine  |  Posted 2006-07-10 Email Print this article Print
 
 
 
 
 
 
 

Security researchers have a brand-new tool with which to go digging for malicious executables on the Web: the Google SOAP Search API.

Security researchers have a brand-new tool to use to go digging for malicious executables on the Web: The Google SOAP Search API.

Malware hunters at Websense's Security Labs have figured out a way to use the freely available Google API to find dangerous .exe files sitting on thousands of Web servers around the world.

The Google API uses the SOAP (Simple Object Access Protocol) and WSDL (Web Services Description Language) standards to offer developers an easy way to run search queries outside of the browser and, because of the way the search engine indexes executables, Websense was able to create code to look for strings associated with malware packers.

Dan Hubbard, senior director of security and technology research at the San Diego-based Web filtering software firm, said the use of the Google API started as an experiment after bloggers noticed that some Google search queries were returning .exe files.

When Google indexes an executable file, Hubbard's research team found, the search engine parses the PE (Portable Executable) file format of the Windows executable. This means that queries can be written to extract items from the internals of the binary.

Read the full story on eWEEK.com: Websense Mines for Malicious Code with Google



 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters