Open Source Malware Search Engine

chr0.ot writes "Metasploit creator HD Moore has released an open-source search engine that finds live malware samples through Google queries. From the article: 'The new Malware Search project provides a Web interface that allows anyone to enter the name of a known virus or Trojan and find Google results for Web sites hosting malicious executables.' The tool then searches for actual malware signatures and uses the signature output from ClamAV to find the name of the malware. This is then used in conjunction with a PE signature matching method to form a Google query. Afterwards the malware can then be downloaded directly from Google."

So..

[michaelhood (667393)]

Let me get this straight.. now Google is good for porn AND viruses?

How do the other engines stay in business?!?

Re:So..

[DaHat (247651)]

I knew they were evil.

Re:So..

[by Anonymous Coward]

..now Google is good for porn AND viruses?

So, basically, the Internet is exactly like real sex now, only easier to get.

Re:So..

[cp.tar (871488)]

Dunno... I still have to pay for the Internet connection.

Finding malware with search engine?

[broothal (186066)]

I wonder how they got that idea [slashdot.org]. I've never heard of it before [slashdot.org].

Re:Finding malware with search engine?

[The Ultimate Fartkno (756456)]

I bet the editor of this story lives in Belleville. /obscure?

Re:Finding malware with search engine?

[by Anonymous Coward]

Netsense search isn't open source, as is pointed out in the article.

Also, this program supposedly highlights how relatively little malware Google actually indexes, contrary to the two earlier articles you cite. Thus this is an additional development, not a dupe.

Re:Finding malware with search engine?

[kkuehl (980075)]

HD acknowledges that is where he got the idea. The point of his release is that it is opensource and available to anyone, unlike the websense version.

Microsoft Version!

[LiquidCoooled (634315)]

Clippy:
It looks like your searching for viruses,
well your in the right place.

ps, anyone else notice that slashdot is like waiting for a bus, you wait for hours with no updates then 4 come along all at once.
Hope the problems have been fixed now.

Re:Since we're off on a tangent anyway

[Filip22012005 (852281)]

I've got in the habit now when reading slashdot of if I can't understand a post, reading it as if i was speaking it (but silently of course).

I'm trying to read this sentence as if you were speaking it. And you sound sort of silly.

Re:Since we're off on a tangent anyway

[mooingyak (720677)]

Your being too kind.

Usually it's not worth the effort, but given this thread I just had too...

That should be:

You're being too kind.

I wish google would incorporate this into searches

[transporter_ii (986545)]

I in no way think that google should block sites, but it would be nice if they would scan sites witht this -- especially for sites that install stuff through holes in IE -- and put a little icon on search results that return an infected site. That way you could at least have a heads up before you clicked on a search result about what you were getting into. It would also be great for Firefox, when everyone gets to see how many sites are exploiting IE.

Transporter_ii

Re:I wish google would incorporate this into searc

[lifgrd1979 (219103)]

Sorry Google can't do it, McAfee already bought that startup - http://www.siteadvisor.com/ [siteadvisor.com].

So I am going to write a virus

[The Ape With No Name (213531)]

that snags a random payload off this site! Thanks Metasploit!

BTW, Dupe, Dupity Dupe, Dupe.

Re:So I am going to write a virus

[mysticgoat (582871)]

How can an article whose content says the earlier article was bogus be a dupe of the earlier article?

How can the initial announcement of a freely available tool be a dupe of the announcement of something that is not for public release?

Conclusion: there are a lot idjits on slashdot who have learned to waggle their fingers on the keyboard and therefore think they are clever. Oh so clever.

Slashdot has become the proving ground for kids who wanna grow up to be one of the million monkeys...

Thank God!

[skinnygmg (964698)]

I just bought a new PC, and i have no viruses yet.

Re:Thank God!

[Ash-Fox (726320)]

I just bought a new PC, and i have no viruses yet.

How do you know?

Re:Thank God!

[pNutz (45478)]

I just bought a new PC, and i have no viruses yet.

How do you know?

How could [arstechnica.com] he know?

I wonder...

[by Anonymous Coward]

what MS has to say about this.
This is outright competition for their closed source malware search engine IE.

I use Windows

[Cro Magnon (467622)]

I don't need a search engine to find malware.

Re:I use Windows

[houghi (78078)]

Indeed. In Soviet America malware searches you.

Re:I use Windows

[Opportunist (166417)]

That's right, Windows provides this service to you, free of extra charge, it's bundled into the system and can't be removed easily, despite some claims by other malware writers who claim they can't make business because of that!

Just click start - search...

Can also be misread as...

[CaymanIslandCarpedie (868408)]

enignE hcraeS erawlaM ecruoS nepO

Re:I guess I don't understand

[doti (966971)]

I do this on a daily basis for my Windows laptop, I search through my running processes to find strange things, search them on Google

You really should try the excelent ProcessExplorer from SysInternals [sysinternals.com].

Re:First it was a dupe...

[Ash Vince (602485)]

Actually, no it isnt. Although morons who dont read the full article might thinks it was.

The previous stories

(http://it.slashdot.org/article.pl?sid=06/07/15/12 53240 and http://it.slashdot.org/article.pl?sid=06/07/11/131 220 [slashdot.org])

were referring to another security research co who did something similar and then refused to share it.
This story is about someone not liking that they wont share, going a little bit further than they did and then putting it on a website and enabling it to the full.

I looked at the previo