Software turns Google into a Virus Scanner

Websense, a well-known security vendor, has created software that turns the world's most popular web search engine into an Internet virus scanner capable of finding websites hosting malware. Using a binary search feature, Google is able to look inside hosted .exe files that are normally unreadable. Researchers at Websense developed software tools that use this feature to "google" for strings known to be used in popular malware worms such as Bagle and Mytob. They uncovered more than 2,000 websites hosting these malicious files and were also able to detect legitimate sites that had been hacked.

Websense has stated they do not plan to make the code public at this time and only plan to share it with a select group of researchers. Some people fear that this same technique could be used to manipulate the search engine and trick users into downloading malware. Now that the word is out, it will be interesting to see if similar tools are developed and made available to the public that use the same technique. Source: PC World


10 comments:

  1. Jbrood | July 15th, 2006 4:45  +0

    I run a fairly large site that allows users to upload and share photos and files. Software like this would be pretty useful to us because we constantly have to be on the lookout for malware, trojans or anything malicious users will upload.

     
  2. forgiste | July 15th, 2006 10:08  +1

    too little, too late.

     
  3. Bob/Paul | July 15th, 2006 12:03  +2

    @forgiste

    Not really. This is actually exactly what’s needed: a better way to track down which websites are delivering malware so they can be added to whitelist utilities like McAfee’s site advisor or various desktop security apps and/or have pressure placed on their ISPs to shut them down. This sort of thing can’t be a replacement for better security on the desktop (i.e., fix Windows) but it could certainly help. Desktop AV is kind of like spraying insect repellent on yourself. The above could be like spraying insecticide on standing water. Kill the source.

    @Jbrood
    I don’t think this would suit your needs at all. You want to detect when a user uploads a naughty file immediately, not receive an e-mail a week later when Google crawls your site. You should run any standard AV on your Windows webserver or run mod_clamav on your *nix Apache server. The fact that you aren’t already doing this baffles me. How large is “fairly large”?

     
  4. Ashwin Dixit | July 15th, 2006 15:36  +1

    How does that work? I’m curious to find out. Even Google’s spiders don’t have access to .EXE files (or binary executables) on any properly configured web server. So how can they be indexed, let alone searched?

     
  5. Ford Prefect | July 15th, 2006 17:01  +0

    To Ashwin: The crawler simply follows links. In order to have users download the malware, they must have a way of directing users to it, aka a hyperlink. That is how Google indexes it.

     
  6. Kaushik | July 15th, 2006 21:53  +0

    But very soon the owners or the techies at the malware-hosting websites will have their exe’s accessible the encapsulated way, and then there is no way Google will be able to find a direct link to the exe’s. I wonder how Google and Websense will act then.

     
  7. YouFool | July 16th, 2006 10:18  +0

    Kaushik, what the heck are you babbling about? This technique is for scanning files that people can freely download from a webserver to see if they actually have a virus, not to scan the server itself to see if it is infected with viruses. Even if you construct another weird argument about securing files, the point is to scan the downloadable files. Nobody cares if the file is infected if it can’t be downloaded.

     
  8. lee | July 18th, 2006 5:12  +0

    I think it seems to be a pretty good idea.

     
  9. kvnfleming | March 25th, 2007 20:36  +0

    hahahahahaha

     
  10. Computer Security Tips (Trackback) | November 2nd, 2007 0:14  +0

    Computer Security Tips…

    I couldn’t understand some parts of this article, but it sounds interesting…

     
