Stories
Slash Boxes
Comments

Slashdot

News for nerds, stuff that matters

Create Account | Retrieve Password

Stories

Slashdot Log In

Create Account | Retrieve Password

Open Source Malware Search Engine

Posted by ScuttleMonkey on Tue Jul 18, 2006 06:06 AM
from the in-case-your-computer-isn't-infected-already dept.

chr0.ot writes "Metasploit creator HD Moore has released an open-source search engine that finds live malware samples through Google queries. From the article: 'The new Malware Search project provides a Web interface that allows anyone to enter the name of a known virus or Trojan and find Google results for Web sites hosting malicious executables.' The tool then searches for actual malware signatures and uses the signature output from ClamAV to find the name of the malware. This is then used in conjunction with a PE signature matching method to form a Google query. Afterwards the malware can then be downloaded directly from Google."

+ -

slashdot story

This discussion has been archived. No new comments can be posted.

Open Source Malware Search Engine More

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Without JavaScript enabled, you might want to use the classic discussion system instead. If you login, you can remember this preference.

So.. (Score:5, Funny)

by michaelhood (667393) on Tuesday July 18 2006, @06:14AM (#15735441)

Let me get this straight.. now Google is good for porn AND viruses?

How do the other engines stay in business?!?
- Re:So.. (Score:2)
  
  by DaHat (247651)
  
  I knew they were evil.
- Re:So.. (Score:5, Funny)
  
  by Anonymous Coward on Tuesday July 18 2006, @08:47AM (#15736079)
  
  ..now Google is good for porn AND viruses?
  
  So, basically, the Internet is exactly like real sex now, only easier to get.
  
  Parent
  - Re:So.. (Score:3, Funny)
    
    by cp.tar (871488)
    
    Dunno... I still have to pay for the Internet connection.
  - Re:So.. (Score:2)
    
    by jb.hl.com (782137)
    
    Yeah...you plug in, and 20 minutes later you're infected.
- Re:So.. (Score:2)
  
  by Intron (870560)
  
  Yes. Google is good for viruses [symantec.com]. I guess it works both ways.
Finding malware with search engine? (Score:5, Insightful)

by broothal (186066) <christian@fabel.dk> on Tuesday July 18 2006, @06:16AM (#15735447) Homepage Journal

I wonder how they got that idea [slashdot.org]. I've never heard of it before [slashdot.org].
- Re:Finding malware with search engine? (Score:4, Funny)
  
  by The Ultimate Fartkno (756456) on Tuesday July 18 2006, @06:41AM (#15735513)
  
  I bet the editor of this story lives in Belleville. /obscure?
  
  Parent
- Re:Finding malware with search engine? (Score:5, Informative)
  
  by Anonymous Coward on Tuesday July 18 2006, @06:43AM (#15735520)
  
  Netsense search isn't open source, as is pointed out in the article.
  
  Also, this program supposedly highlights how relatively little malware Google actually indexes, contrary to the two earlier articles you cite. Thus this is an additional development, not a dupe.
  
  Parent
  - Re:Finding malware with search engine? (Score:2)
    
    by HTH NE1 (675604)
    
    Then shouldn't those other articles be linked as related articles?
- Re:Finding malware with search engine? (Score:3, Informative)
  
  by kkuehl (980075)
  
  HD acknowledges that is where he got the idea. The point of his release is that it is opensource and available to anyone, unlike the websense version.
- Re:Finding malware with search engine? (Score:2, Funny)
  
  by Anonymous Coward
  
  I wonder if there's any way to use Google to find dup... triplicates.
Microsoft Version! (Score:3, Funny)

by LiquidCoooled (634315) on Tuesday July 18 2006, @06:17AM (#15735448) Homepage Journal

Clippy:
It looks like your searching for viruses,
well your in the right place.

ps, anyone else notice that slashdot is like waiting for a bus, you wait for hours with no updates then 4 come along all at once.
Hope the problems have been fixed now.
- - - Re:Since we're off on a tangent anyway (Score:2)
      
      by mingot (665080)
      
      The your/you're thing is a pet peeve of mine. The extra vitrol was just revenge for the poster subjecting me to yet another "OMPG CLIPPLY LOLLZORS M$ SUCKS" post.
      
      SO, how did your reply to me make YOU feel?
    - - Re:Since we're off on a tangent anyway (Score:4, Funny)
        
        by Filip22012005 (852281) on Tuesday July 18 2006, @08:00AM (#15735838)
        
        I've got in the habit now when reading slashdot of if I can't understand a post, reading it as if i was speaking it (but silently of course).
        
        I'm trying to read this sentence as if you were speaking it. And you sound sort of silly.
        
        Parent
      - Re:Since we're off on a tangent anyway (Score:2, Funny)
        
        by rowama (907743)
        
        I've got in the habit now when reading slashdot of if I can't understand a post, reading it as if i was speaking it.
        
        Didja read or speak this before posting? Improper verb usage, mangled propositional phrase, missing punctuation.
        
        FTR, I'm not a grammar nazi, but you, by claiming such, opened you'reself up for a little good-natured criticism.
        
        Regards.
        
        Re:Since we're off on a tangent anyway (Score:2, Funny)
        
        by rowama (907743)
        
        Your being too kind.
        
        Since I don't normally like to engage in the karma-damaging activity of trolling, I was hoping to get some bang-for-the-buck out of my post. Thus, I left two juicy pieces of bait (i.e., grammatical errors) in my post, and promptly started meta-moderating my heart out to counter the impending down-mod.
        
        BTW, "my particular dialect" must mean english is an auxiliary language for you. Kudos on that and never apologize for the occasional mess-up. I am not among those who are multilingual, s
        
        Re:Since we're off on a tangent anyway (Score:3, Funny)
        
        by mooingyak (720677)
        
        Your being too kind.
        
        Usually it's not worth the effort, but given this thread I just had too...
        
        That should be:
        
        You're being too kind.
        
        Re:Since we're off on a tangent anyway (Score:2)
        
        by thc69 (98798)
        
        I just had too...
        You just had what?
        
        Re:Since we're off on a tangent anyway (Score:2)
        
        by mooingyak (720677)
        
        I clicked submit, and then spotted that right away. I wish I could claim I did it on purpose, but I guess it's just that rule about grammar/spelling corrections having a goof of their own.
        
        But pretending I'm all knowing and stuff and that I make no mistakes:
        
        Just replace the ellipsis with "much beer"
        
        You win! (Score:2, Funny)
        
        by rowama (907743)
        
        Yep, it is. Congrats, you win the prize: a PS3 running Vista. This offer expires in 30 days.
I wish google would incorporate this into searches (Score:5, Interesting)

by transporter_ii (986545) on Tuesday July 18 2006, @06:37AM (#15735497) Homepage

I in no way think that google should block sites, but it would be nice if they would scan sites witht this -- especially for sites that install stuff through holes in IE -- and put a little icon on search results that return an infected site. That way you could at least have a heads up before you clicked on a search result about what you were getting into. It would also be great for Firefox, when everyone gets to see how many sites are exploiting IE.

Transporter_ii
- Re:I wish google would incorporate this into searc (Score:3, Informative)
  
  by lifgrd1979 (219103)
  
  Sorry Google can't do it, McAfee already bought that startup - http://www.siteadvisor.com/ [siteadvisor.com].
  - Re:I wish google would incorporate this into searc (Score:2)
    
    by KiloByte (825081)
    
    http://www.siteadvisor.com/
    Holy crap. They list most of the worst offenders as "green" -- even crap like valueclick.com or lop.com.
    I see that they fit into McAfee's quality pretty well.
    - Re:I wish google would incorporate this into searc (Score:2)
      
      by westlake (615356)
      
      Holy crap. They list most of the worst offenders as "green"
      McAfee's automated scans can't and won't red-flag a corporate home page simply because the company is on your personal black list. You might, however, take the time to post a comment.
- McAfee SiteAdvisor (Score:2)
  
  by westlake (615356)
  
  put a little icon on search results that return an infected site. That way you could at least have a heads up before you clicked on a search result about what you were getting into. It would also be great for Firefox, when everyone gets to see how many sites are exploiting IE.
  Sounds rather like McAfee SiteAdvisor [siteadvisor.com] for IE and Firefox.
  SiteAdvisor tests e-mail, downloads, and links. Give an e-mail address to Slashdot and you can expect 6.9 e-mails per week. Reports are detailed and comments can be posted.
  Th
- Move Quickly! (Score:2)
  
  by jefu (53450)
  
  Good idea. Now you should Move Quickly and patent the idea.
  (Unless McAfee has already done so since another poster notes they do something similar.)
So I am going to write a virus (Score:3, Funny)

by The Ape With No Name (213531) on Tuesday July 18 2006, @06:42AM (#15735516) Homepage

that snags a random payload off this site! Thanks Metasploit!

BTW, Dupe, Dupity Dupe, Dupe.
- Re:So I am going to write a virus (Score:4, Informative)
  
  by mysticgoat (582871) * on Tuesday July 18 2006, @08:30AM (#15735965) Journal
  
  How can an article whose content says the earlier article was bogus be a dupe of the earlier article?
  How can the initial announcement of a freely available tool be a dupe of the announcement of something that is not for public release?
  Conclusion: there are a lot idjits on slashdot who have learned to waggle their fingers on the keyboard and therefore think they are clever. Oh so clever.
  Slashdot has become the proving ground for kids who wanna grow up to be one of the million monkeys...
  
  Parent
Thank God! (Score:3, Funny)

by skinnygmg (964698) on Tuesday July 18 2006, @07:14AM (#15735627) Homepage

I just bought a new PC, and i have no viruses yet.
- Re:Thank God! (Score:5, Insightful)
  
  by Ash-Fox (726320) on Tuesday July 18 2006, @07:18AM (#15735641) Homepage
  
  I just bought a new PC, and i have no viruses yet.
  How do you know?
  
  Parent
  - Re:Thank God! (Score:3, Informative)
    
    by pNutz (45478)
    
    I just bought a new PC, and i have no viruses yet.
    
    How do you know?
    
    How could [arstechnica.com] he know?
  - Microsoft Malware Remover says so! (Score:2)
    
    by The MAZZTer (911996)
    
    Duh!
I wonder... (Score:3, Funny)

by Anonymous Coward on Tuesday July 18 2006, @07:17AM (#15735636)

what MS has to say about this.
This is outright competition for their closed source malware search engine IE.
I use Windows (Score:5, Funny)

by Cro Magnon (467622) on Tuesday July 18 2006, @07:20AM (#15735648) Homepage Journal

I don't need a search engine to find malware.
- Re:I use Windows (Score:3, Funny)
  
  by houghi (78078)
  
  Indeed. In Soviet America malware searches you.
- Re:I use Windows (Score:4, Funny)
  
  by Opportunist (166417) on Tuesday July 18 2006, @08:09AM (#15735878)
  
  That's right, Windows provides this service to you, free of extra charge, it's bundled into the system and can't be removed easily, despite some claims by other malware writers who claim they can't make business because of that!
  
  Just click start - search...
  
  Parent
the other way around? (Score:2, Interesting)

by luag (959452)

"to enter the name of a known virus or Trojan and find Google results for Web sites hosting malicious executables" we should be able to do it the other way around too. enter the url for websites we suspect first then list if the websites host malicious executables. imo its more useful that way :)
- *sniff* (Score:2)
  
  by Opportunist (166417)
  
  Do I smell an idea I should forward to marketing...?
AWRIGHT!! an OS infector! w00t! (Score:2)

by swschrad (312009)

pray tell WTF difference is this from another virus kit? this dude's life is going to be a screaming hell when everybody tees off on him.
what is the use case? (Score:2)

by mapkinase (958129)

Is it like I am a webmaster and I am blocking visits from the blacklisted websites?
- Can also be misread as... (Score:2)
  
  by CaymanIslandCarpedie (868408)
  
  enignE hcraeS erawlaM ecruoS nepO
- Careful...Skynet...Matrix...DupeDot... (Score:2, Funny)
  
  by The_REAL_DZA (731082)
  
  ...The tool then searches for appropriate responses and posts a response to the new article on Slashdot proclaiming it to be a dupe...
  
  Sounds like this thing's just a few modules short of obsoletizing us all; give this thing a "beowulf cluster" module and a "in Soviet Russia" module and it'd be pretty well self-contained. Any day now it'll be welcoming it's overlord self...
- Re:I guess I don't understand (Score:3, Informative)
  
  by doti (966971)
  
  I do this on a daily basis for my Windows laptop, I search through my running processes to find strange things, search them on Google
  
  You really should try the excelent ProcessExplorer from SysInternals [sysinternals.com].
- Re:I guess I don't understand (Score:2)
  
  by CastrTroy (595695)
  
  Well, if it's your windows laptop, and she keeps on messing it up, maybe you shouldn't let her use it anymore. Tell her that until she learns how to use a computer without messing it up, that she isn't allowed to use it. Maybe it seems like something you'd tell a child, or you think that she won't love you anymore, it's probably the best solution.
- - Re:I guess I don't understand (Score:2)
    
    by McFly777 (23881)
    
    Hey, some people enjoy that sort of thing (being interrogated, tortured, etc.). Please try to keep an open mind. ;-)
- - Re:First it was a dupe... (Score:3, Informative)
    
    by Ash Vince (602485)
    
    Actually, no it isnt. Although morons who dont read the full article might thinks it was.
    
    The previous stories
    
    (http://it.slashdot.org/article.pl?sid=06/07/15/12 53240 and http://it.slashdot.org/article.pl?sid=06/07/11/131 220 [slashdot.org])
    
    were referring to another security research co who did something similar and then refused to share it.
    This story is about someone not liking that they wont share, going a little bit further than they did and then putting it on a website and enabling it to the full.
    
    I looked at the previo
- Re:and coming soon... (Score:2)
  
  by RingDev (879105)
  
  Imagine being an "IT Guy" for a non-tech company. You've been seeing some odd network behavior, so you fire up google and search your domain for malware. It quickly identifies that Jan in Accounting has a malwar port sniffer running trying to phone home. The combination of this system and using Google for internal searches could make Google a sudden major competitor in the anti-malwar campaign.
  
  On the broaders scale, IHPs will be able to keep an eye on their customers to see if any servers are hosting malwar
- Re:gcc, worm, trojan (Score:2)
  
  by idonthack (883680)
  
  Doing a strings on it produces some Windows DLL names, function names like "InternetOpen", and a few fragments of strange text. file says it's a Windows executable. Weird... I wonder what it's doing on the gcc servers.
- - - Re:Ducking Fupes (Score:2)
      
      by The_REAL_DZA (731082)
      
      Yeah, like that's the first time we've heard THAT statement made.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Slashdot

News for nerds, stuff that matters

Slashdot { color: "", viewname: "stories", filter: "", name: "Main", id: 13 }

Site Info

Stories

Slashdot Log In

Open Source Malware Search Engine

Open Source Malware Search Engine 50 Comments More Login /

Please Log In to Continuex

So.. (Score:5, Funny)

Re:So.. (Score:2)

Re:So.. (Score:5, Funny)

Re:So.. (Score:3, Funny)

Re:So.. (Score:2)

Re:So.. (Score:2)

Finding malware with search engine? (Score:5, Insightful)

Re:Finding malware with search engine? (Score:4, Funny)

Re:Finding malware with search engine? (Score:5, Informative)

Re:Finding malware with search engine? (Score:2)

Re:Finding malware with search engine? (Score:3, Informative)

Re:Finding malware with search engine? (Score:2, Funny)

Microsoft Version! (Score:3, Funny)

Re:Since we're off on a tangent anyway (Score:2)

Re:Since we're off on a tangent anyway (Score:4, Funny)

Re:Since we're off on a tangent anyway (Score:2, Funny)

Re:Since we're off on a tangent anyway (Score:2, Funny)

Re:Since we're off on a tangent anyway (Score:3, Funny)

Re:Since we're off on a tangent anyway (Score:2)

Re:Since we're off on a tangent anyway (Score:2)

You win! (Score:2, Funny)

I wish google would incorporate this into searches (Score:5, Interesting)

Re:I wish google would incorporate this into searc (Score:3, Informative)

Re:I wish google would incorporate this into searc (Score:2)

Re:I wish google would incorporate this into searc (Score:2)

McAfee SiteAdvisor (Score:2)

Move Quickly! (Score:2)

So I am going to write a virus (Score:3, Funny)

Re:So I am going to write a virus (Score:4, Informative)

Thank God! (Score:3, Funny)

Re:Thank God! (Score:5, Insightful)

Re:Thank God! (Score:3, Informative)

Microsoft Malware Remover says so! (Score:2)

I wonder... (Score:3, Funny)

I use Windows (Score:5, Funny)

Re:I use Windows (Score:3, Funny)

Re:I use Windows (Score:4, Funny)

the other way around? (Score:2, Interesting)

*sniff* (Score:2)

AWRIGHT!! an OS infector! w00t! (Score:2)

what is the use case? (Score:2)

Can also be misread as... (Score:2)

Careful...Skynet...Matrix...DupeDot... (Score:2, Funny)

Re:I guess I don't understand (Score:3, Informative)

Re:I guess I don't understand (Score:2)

Re:I guess I don't understand (Score:2)

Re:First it was a dupe... (Score:3, Informative)

Re:and coming soon... (Score:2)

Re:gcc, worm, trojan (Score:2)

Re:Ducking Fupes (Score:2)

Please Log In to Continuex

Close

Slashdot

sniff (Score:2)