Stories
Slash Boxes
Comments

Slashdot

News for nerds, stuff that matters

[ Create a new account ]

Sections

Help

FAQ
Bugs

Stories

About

Services

Jobs

Slashdot Log In

[ Create a new account ]

Open Source Malware Search Engine

Posted by ScuttleMonkey on Tue Jul 18, 2006 06:06 AM
from the in-case-your-computer-isn't-infected-already dept.

chr0.ot writes "Metasploit creator HD Moore has released an open-source search engine that finds live malware samples through Google queries. From the article: 'The new Malware Search project provides a Web interface that allows anyone to enter the name of a known virus or Trojan and find Google results for Web sites hosting malicious executables.' The tool then searches for actual malware signatures and uses the signature output from ClamAV to find the name of the malware. This is then used in conjunction with a PE signature matching method to form a Google query. Afterwards the malware can then be downloaded directly from Google."

[+] security, malware (tagging beta)

This discussion has been archived. No new comments can be posted.

Open Source Malware Search Engine | Log In/Create an Account | Top | 123 comments | Search Discussion

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Without JavaScript enabled, you might want to use the classic discussion system instead. If you login, you can remember this preference.

So.. (Score:5, Funny)

by michaelhood (667393) on Tuesday July 18 2006, @06:14AM (#15735441)

Let me get this straight.. now Google is good for porn AND viruses?

How do the other engines stay in business?!?
- Re:So.. by DaHat (Score:2) Tuesday July 18 2006, @06:49AM
  - Re:So.. by poolmeister (Score:1) Tuesday July 18 2006, @12:56PM
    - 1 reply beneath your current threshold.
- Re:So.. (Score:5, Funny)
  
  by Anonymous Coward on Tuesday July 18 2006, @08:47AM (#15736079)
  
  ..now Google is good for porn AND viruses?
  
  So, basically, the Internet is exactly like real sex now, only easier to get.
  
  [ Parent ]
  - Re:So.. by cp.tar (Score:3) Tuesday July 18 2006, @10:35AM
    - 1 reply beneath your current threshold.
  - Re:So.. by jb.hl.com (Score:2) Tuesday July 18 2006, @10:45AM
- Re:So.. by Intron (Score:2) Tuesday July 18 2006, @09:32AM
Finding malware with search engine? (Score:5, Insightful)

by broothal (186066) <christian@fabel.dk> on Tuesday July 18 2006, @06:16AM (#15735447)
(http://www.udviklingschef.dk/ | Last Journal: Sunday April 18 2004, @02:52PM)

I wonder how they got that idea [slashdot.org]. I've never heard of it before [slashdot.org].
- Re:Finding malware with search engine? (Score:4, Funny)
  
  by The Ultimate Fartkno (756456) on Tuesday July 18 2006, @06:41AM (#15735513)
  
  I bet the editor of this story lives in Belleville. /obscure?
  
  [ Parent ]
  - 1 reply beneath your current threshold.
- Re:Finding malware with search engine? (Score:5, Informative)
  
  by Anonymous Coward on Tuesday July 18 2006, @06:43AM (#15735520)
  
  Netsense search isn't open source, as is pointed out in the article.
  
  Also, this program supposedly highlights how relatively little malware Google actually indexes, contrary to the two earlier articles you cite. Thus this is an additional development, not a dupe.
  
  [ Parent ]
  - Re:Finding malware with search engine? by HTH NE1 (Score:2) Tuesday July 18 2006, @11:25AM
- Re:Finding malware with search engine? by kkuehl (Score:3) Tuesday July 18 2006, @07:10AM
- Re:Finding malware with search engine? by Anonymous Coward (Score:2) Tuesday July 18 2006, @08:57AM
Microsoft Version! (Score:3, Funny)

by LiquidCoooled (634315) on Tuesday July 18 2006, @06:17AM (#15735448)

Clippy:
It looks like your searching for viruses,
well your in the right place.

ps, anyone else notice that slashdot is like waiting for a bus, you wait for hours with no updates then 4 come along all at once.
Hope the problems have been fixed now.
- About the bus metaphor by Anonymous Coward (Score:1) Tuesday July 18 2006, @06:25AM
- Re:Microsoft Version! by walruz (Score:1) Tuesday July 18 2006, @06:44AM
- Re:Microsoft Version! by mingot (Score:1) Tuesday July 18 2006, @07:22AM
  - Re:Since we're off on a tangent anyway by rufty_tufty (Score:1) Tuesday July 18 2006, @07:50AM
    - Re:Since we're off on a tangent anyway (Score:4, Funny)
      
      by Filip22012005 (852281) on Tuesday July 18 2006, @08:00AM (#15735838)
      
      I've got in the habit now when reading slashdot of if I can't understand a post, reading it as if i was speaking it (but silently of course).
      
      I'm trying to read this sentence as if you were speaking it. And you sound sort of silly.
      
      [ Parent ]
      - Re:Since we're off on a tangent anyway by rufty_tufty (Score:1) Tuesday July 18 2006, @08:12AM
    - Re:Since we're off on a tangent anyway by rowama (Score:2) Tuesday July 18 2006, @08:12AM
      - Re:Since we're off on a tangent anyway by rufty_tufty (Score:1) Tuesday July 18 2006, @08:18AM
        Re:Since we're off on a tangent anyway by rowama (Score:2) Tuesday July 18 2006, @08:36AM
        Re:Since we're off on a tangent anyway by mooingyak (Score:3) Tuesday July 18 2006, @08:59AM
        Re:Since we're off on a tangent anyway by thc69 (Score:2) Tuesday July 18 2006, @09:49AM
        Re:Since we're off on a tangent anyway by mooingyak (Score:2) Tuesday July 18 2006, @10:45AM
        Re:Since we're off on a tangent anyway by rowama (Score:1) Tuesday July 18 2006, @11:15AM
        1 reply beneath your current threshold.
        Re:Since we're off on a tangent anyway by rufty_tufty (Score:1) Tuesday July 18 2006, @06:11PM
        Re:Since we're off on a tangent anyway by aminorex (Score:2) Tuesday July 18 2006, @07:12PM
      - Re:Since we're off on a tangent anyway by dhollist (Score:1) Tuesday July 18 2006, @11:55AM
        Propositional Phrase by sirrobert (Score:1) Tuesday July 18 2006, @12:09PM
        You win! by rowama (Score:2) Tuesday July 18 2006, @12:24PM
  - Re:Since we're off on a tangent anyway by mingot (Score:2) Tuesday July 18 2006, @10:22AM
  - 1 reply beneath your current threshold.
- Re:Microsoft Version! by avirrey (Score:1) Tuesday July 18 2006, @09:04AM
- Re:Microsoft Version! by RealGrouchy (Score:1) Tuesday July 18 2006, @09:23PM
  - Re:Microsoft Version! by LiquidCoooled (Score:1) Wednesday July 19 2006, @05:51AM
- 1 reply beneath your current threshold.
First it was a dupe... (Score:1, Funny)

by BumpyCarrot (775949) on Tuesday July 18 2006, @06:29AM (#15735470)

Now it's a tripe.
- Re:First it was a dupe... by Tx (Score:1) Tuesday July 18 2006, @06:36AM
  - Re:First it was a dupe... by Sepper (Score:1) Tuesday July 18 2006, @08:30AM
    - Re:First it was a dupe... by gatzke (Score:1) Tuesday July 18 2006, @10:19AM
    - 1 reply beneath your current threshold.
- Re:First it was a dupe... by Ash Vince (Score:3) Tuesday July 18 2006, @08:42AM
- 2 replies beneath your current threshold.
Headline can be misread as... (Score:1)

by phozz bare (720522) on Tuesday July 18 2006, @06:36AM (#15735495)

A search engine for open source malware?

-phozz
- Can also be misread as... by CaymanIslandCarpedie (Score:2) Tuesday July 18 2006, @07:19AM
  - 1 reply beneath your current threshold.
I wish google would incorporate this into searches (Score:5, Interesting)

by transporter_ii (986545) on Tuesday July 18 2006, @06:37AM (#15735497)
(http://www.inetwork-plus.com/)

I in no way think that google should block sites, but it would be nice if they would scan sites witht this -- especially for sites that install stuff through holes in IE -- and put a little icon on search results that return an infected site. That way you could at least have a heads up before you clicked on a search result about what you were getting into. It would also be great for Firefox, when everyone gets to see how many sites are exploiting IE.

Transporter_ii
- Re:I wish google would incorporate this into searc by lifgrd1979 (Score:3) Tuesday July 18 2006, @07:11AM
  - Re:I wish google would incorporate this into searc by KiloByte (Score:2) Tuesday July 18 2006, @08:30AM
    - Re:I wish google would incorporate this into searc by westlake (Score:2) Tuesday July 18 2006, @08:54AM
- Re:I wish google would incorporate this into searc by BlindRobin (Score:1) Tuesday July 18 2006, @07:26AM
- McAfee SiteAdvisor by westlake (Score:2) Tuesday July 18 2006, @08:36AM
- Move Quickly! by jefu (Score:2) Tuesday July 18 2006, @08:47AM
- 2 replies beneath your current threshold.
So I am going to write a virus (Score:3, Funny)

by The Ape With No Name (213531) on Tuesday July 18 2006, @06:42AM (#15735516)
(http://douglas.min.net/essay/)

that snags a random payload off this site! Thanks Metasploit!

BTW, Dupe, Dupity Dupe, Dupe.
- Re:So I am going to write a virus (Score:4, Informative)
  
  by mysticgoat (582871) * on Tuesday July 18 2006, @08:30AM (#15735965)
  (Last Journal: Friday October 26, @01:12AM)
  
  How can an article whose content says the earlier article was bogus be a dupe of the earlier article?
  How can the initial announcement of a freely available tool be a dupe of the announcement of something that is not for public release?
  Conclusion: there are a lot idjits on slashdot who have learned to waggle their fingers on the keyboard and therefore think they are clever. Oh so clever.
  Slashdot has become the proving ground for kids who wanna grow up to be one of the million monkeys...
  
  [ Parent ]
  - Re:So I am going to write a virus by slowbad (Score:1) Tuesday July 18 2006, @10:39AM
  - Re:So I am going to write a virus by mysticgoat (Score:2) Tuesday July 18 2006, @06:55PM
  - 2 replies beneath your current threshold.
Thank God! (Score:3, Funny)

by skinnygmg (964698) on Tuesday July 18 2006, @07:14AM (#15735627)
(http://skinnygmg.echoes.net/)

I just bought a new PC, and i have no viruses yet.
- Re:Thank God! (Score:5, Insightful)
  
  by Ash-Fox (726320) on Tuesday July 18 2006, @07:18AM (#15735641)
  (http://scorch.quickfox.org/)
  
  I just bought a new PC, and i have no viruses yet.
  How do you know?
  
  [ Parent ]
  - Re:Thank God! by Anonymous Coward (Score:1) Tuesday July 18 2006, @07:50AM
  - Re:Thank God! by jimwelch (Score:1) Tuesday July 18 2006, @08:31AM
    - 1 reply beneath your current threshold.
  - Re:Thank God! by pNutz (Score:3) Tuesday July 18 2006, @08:40AM
  - Microsoft Malware Remover says so! by The MAZZTer (Score:2) Tuesday July 18 2006, @10:59AM
- Re:Thank God! by logikalentropy (Score:1) Tuesday July 18 2006, @03:51PM
I wonder... (Score:3, Funny)

by Anonymous Coward on Tuesday July 18 2006, @07:17AM (#15735636)

what MS has to say about this.
This is outright competition for their closed source malware search engine IE.
I use Windows (Score:5, Funny)

by Cro Magnon (467622) on Tuesday July 18 2006, @07:20AM (#15735648)
(http://slashdot.org/ | Last Journal: Monday October 04 2004, @03:55PM)

I don't need a search engine to find malware.
- Re:I use Windows by houghi (Score:3) Tuesday July 18 2006, @07:48AM
- Re:I use Windows (Score:4, Funny)
  
  by Opportunist (166417) on Tuesday July 18 2006, @08:09AM (#15735878)
  
  That's right, Windows provides this service to you, free of extra charge, it's bundled into the system and can't be removed easily, despite some claims by other malware writers who claim they can't make business because of that!
  
  Just click start - search...
  
  [ Parent ]
and coming soon... (Score:1)

by trianglecat (318478) on Tuesday July 18 2006, @07:32AM (#15735706)

- the bag of snakes locator
- the shard of glass necktie finder
- the kick in the crotch searcher

Seriously, if this were part of your search results as a heads up of what to avoid I can see it being quite valuable. But, short of research or bad intentions... why do i want to find live malware?
- Re:and coming soon... by RingDev (Score:2) Tuesday July 18 2006, @09:21AM
- 1 reply beneath your current threshold.
I guess I don't understand (Score:1, Redundant)

by airlynx (957866) on Tuesday July 18 2006, @07:33AM (#15735713)
(http://airlynx.sitesled.com/)

I do this on a daily basis for my Windows laptop, I search through my running processes to find strange things, search them on Google, then cross-reference them from my browser history, then I interrogate my wife to find out why she visited some of the stupidest sites on the internet. That's about when I remember she's a MySpace user, and no matter what I do that laptop is screwed.
- Re:I guess I don't understand by doti (Score:3) Tuesday July 18 2006, @08:32AM
- Re:I guess I don't understand by CastrTroy (Score:2) Tuesday July 18 2006, @08:41AM
  - Re:I guess I don't understand by airlynx (Score:1) Tuesday July 18 2006, @11:29AM
- Re:I guess I don't understand by McFly777 (Score:2) Tuesday July 18 2006, @08:24AM
- 1 reply beneath your current threshold.
the other way around? (Score:2, Interesting)

by luag (959452) on Tuesday July 18 2006, @07:38AM (#15735734)

"to enter the name of a known virus or Trojan and find Google results for Web sites hosting malicious executables" we should be able to do it the other way around too. enter the url for websites we suspect first then list if the websites host malicious executables. imo its more useful that way :)
- What agreement? by RagingFuryBlack (Score:1) Tuesday July 18 2006, @08:03AM
- *sniff* by Opportunist (Score:2) Tuesday July 18 2006, @08:11AM
  - Re:*sniff* by funfail (Score:1) Tuesday July 18 2006, @04:28PM
AWRIGHT!! an OS infector! w00t! (Score:2)

by swschrad (312009) on Tuesday July 18 2006, @08:11AM (#15735889)
(http://slashdot.org/ | Last Journal: Monday April 16 2007, @01:18PM)

pray tell WTF difference is this from another virus kit? this dude's life is going to be a screaming hell when everybody tees off on him.
- Re:AWRIGHT!! an OS infector! w00t! by infosecpodcast (Score:1) Tuesday July 18 2006, @08:48AM
gcc, worm, trojan (Score:1)

by noamt (317240) on Tuesday July 18 2006, @09:03AM (#15736182)
(Last Journal: Friday December 17 2004, @03:59AM)

1. It looks like there's a copy of "Worm.Bagle.Z" on GCC's server:
gcc.gnu.org / ml/gcc-prs/2004-05/msg00008 / the_message.scr
(don't open the URL from Windows, or at all. My AV detected the file as "W32.Beagle.gen", right after I downloaded it).

2. Search the engine for "worm" or "trojan" and you'll get tons of them.
- Re:gcc, worm, trojan by idonthack (Score:2) Tuesday July 18 2006, @01:14PM
  - Re:gcc, worm, trojan by tabrisnet (Score:1) Tuesday July 18 2006, @06:05PM
what is the use case? (Score:2)

by mapkinase (958129) on Tuesday July 18 2006, @10:13AM (#15736670)
(http://en.wikipedia....vated_protein_kinase | Last Journal: Monday April 30 2007, @06:22AM)

Is it like I am a webmaster and I am blocking visits from the blacklisted websites?
Obvious question (Score:2)

by grolschie (610666) on Tuesday July 18 2006, @04:54PM (#15739870)
(Last Journal: Tuesday April 22 2003, @12:52AM)

Does it locate the Windows Genuine dis-Advantage malware?
Anti-Spyware (Score:1)

by simonscatt (977254) on Wednesday July 19 2006, @06:00AM (#15742182)

Many programms include spyware modules. Use anti-spyware for protect your privacy.
As for me, I like professional anti-spy software like PrivacyKeyboard by Raytown Corporation LLC.
You can download it here: http://download.softsecurity.com/1/14/prvkbd.zip [softsecurity.com] (~4MB)

Anti-Spyware: Efficiency of the Means of Defense [trap17.net]
Open Source AV (Score:1)

by jspencelee (988018) on Wednesday July 19 2006, @12:04PM (#15744398)

How long will it be before there is no such thing but and open source AV? There is just no way a closed source AV will be able to adapt as fast as the virus-sphere. especially when you read about these highly targeted Trojans coming from China and Russia. http://www.securityfocus.com/news/11222 [securityfocus.com] I have Clam AV on an Astaro box (linux based UTM) and I've always been pleased with the perfromance.
Careful...Skynet...Matrix...DupeDot... (Score:2, Funny)

by The_REAL_DZA (731082) on Tuesday July 18 2006, @08:15AM (#15735912)

...The tool then searches for appropriate responses and posts a response to the new article on Slashdot proclaiming it to be a dupe...

Sounds like this thing's just a few modules short of obsoletizing us all; give this thing a "beowulf cluster" module and a "in Soviet Russia" module and it'd be pretty well self-contained. Any day now it'll be welcoming it's overlord self...

[ Parent ]
Re:I'm feeling Lucky (Score:1)

by Barny (103770) <bakadamage-slashdot@yahoo.com> on Tuesday July 18 2006, @08:18AM (#15735919)

Most "free" file shareing programs have had this implemented for a long long time ;)

[ Parent ]
Re:Ducking Fupes (Score:1)

by e4g4 (533831) on Tuesday July 18 2006, @09:16AM (#15736267)

An offtopic reply to an offtopic post:

Personally, I'm rather tired of reading comment after comment pointing out that a given article is a dupe - I think the tagging system is sufficient to identify dupitude (hey, you're allowed to make up words in english). If the article's a dupe, don't read it, and by all means, don't comment - just ignore it like the articles that don't interest you.

[ Parent ]
- Re:Ducking Fupes by The_REAL_DZA (Score:2) Tuesday July 18 2006, @03:40PM
- 2 replies beneath your current threshold.
13 replies beneath your current threshold.

Slashdot

News for nerds, stuff that matters

Sections

IT

Help

Stories

About

Services

Jobs

Slashdot Log In

Related Links

Open Source Malware Search Engine

So.. (Score:5, Funny)

Re:So.. (Score:5, Funny)

Finding malware with search engine? (Score:5, Insightful)

Re:Finding malware with search engine? (Score:4, Funny)

Re:Finding malware with search engine? (Score:5, Informative)

Microsoft Version! (Score:3, Funny)

Re:Since we're off on a tangent anyway (Score:4, Funny)

First it was a dupe... (Score:1, Funny)

Headline can be misread as... (Score:1)

I wish google would incorporate this into searches (Score:5, Interesting)

So I am going to write a virus (Score:3, Funny)

Re:So I am going to write a virus (Score:4, Informative)

Thank God! (Score:3, Funny)

Re:Thank God! (Score:5, Insightful)

I wonder... (Score:3, Funny)

I use Windows (Score:5, Funny)

Re:I use Windows (Score:4, Funny)

and coming soon... (Score:1)

I guess I don't understand (Score:1, Redundant)

the other way around? (Score:2, Interesting)

AWRIGHT!! an OS infector! w00t! (Score:2)

gcc, worm, trojan (Score:1)

what is the use case? (Score:2)

Obvious question (Score:2)

Anti-Spyware (Score:1)

Open Source AV (Score:1)

Careful...Skynet...Matrix...DupeDot... (Score:2, Funny)

Re:I'm feeling Lucky (Score:1)

Re:Ducking Fupes (Score:1)