Websense Mines for Malicious Code with Google
By Ryan Naraine | Posted 2006-07-10
Security researchers have a brand-new tool with which to go digging for malicious executables on the Web: the Google SOAP Search API.
The Google API uses the SOAP (Simple Object Access Protocol) and WSDL (Web Services Description Language) standards to offer developers an easy way to run search queries outside of the browser. Because of the way the search engine indexes executables, Websense was able to create code to look for strings associated with malware packers.
Dan Hubbard, senior director of security and technology research at the San Diego-based Web filtering software firm, said the use of the Google API started as an experiment after bloggers noticed that some Google search queries were returning .exe files.
When Google indexes an executable file, Hubbard's research team found, the search engine parses the PE (Portable Executable) file format of the Windows executable. This means that queries can be written to extract items from the internals of the binary.
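To show what "items from the internals of the binary" means on the defender's side, the following added example (not from the article or from Websense) walks the PE headers of a file already in hand and reports section names associated with packers. The packer name list and the `build_sample` helper, which constructs header-only test input, are assumptions made for illustration.

```python
import struct

# Section names commonly left behind by packers (assumed sample list, not from the article).
PACKER_SECTIONS = {"UPX0": "UPX", "UPX1": "UPX", ".aspack": "ASPack", ".petite": "Petite"}

def pe_section_names(data):
    """Return the section names of a PE image; raise ValueError if it is malformed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    # The DOS header stores the offset of the PE signature at 0x3C.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # The 20-byte COFF header follows the 4-byte signature.
    _machine, nsections, _ts, _symptr, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    # The section table starts right after the optional header.
    table = e_lfanew + 24 + opt_size
    names = []
    for i in range(nsections):
        off = table + i * 40  # each section header is 40 bytes
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        raw = data[off:off + 8]  # 8-byte, NUL-padded name
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names

def packer_hits(data):
    """Return the sorted packer names whose section names appear in the image."""
    return sorted({PACKER_SECTIONS[n] for n in pe_section_names(data) if n in PACKER_SECTIONS})

def build_sample(section_names, opt_size=0xE0):
    """Constructed minimal PE headers for testing (headers only, not a runnable program)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + b"\0" * opt_size + sections

if __name__ == "__main__":
    print(packer_hits(build_sample(["UPX0", "UPX1", ".rsrc"])))
```

A section-name match is only a triage hint: packers are also used by legitimate software, and section names can be renamed.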
Read the full story on eWEEK.com: Websense Mines for Malicious Code with Google