HD Moore posts Google-based malware

HD Moore, a well-known security researcher, has released code that can be used to mine Google Inc.’s database for malicious software. Using a database of digital fingerprints of known malware — called “signatures” — the Malware Search tool uses the popular search engine to find a number of known worms and viruses. HD Moore put a site up on Monday that allows the public to search the database here.

Though Google is widely used to search the Internet for Web pages and office documents, the search engine also can peek through the binary information stored in the normally unreadable executable (.exe) files that are run by Windows computers. Google won’t say when it added this feature, but it has gained the attention of security researchers over the past three months. Moore built his tool to help shed some light on how much malware was actually being indexed by Google, he said. His findings: not much. When the security researcher examined a sample of about 4G bytes of executable code, he found that very few of the programs were malicious. “You can search for malware, but it’s not a big risk,” he said. Of the approximately 2,400 samples he examined, 125 contained malware. More than 90 of these popped up as part of malicious e-mail messages stored in online e-mail archives. The rest of the samples came from Web sites that were actively distributing malware.
