Need Malware? Ask Google!

Google needs a serious security department. I know they have one, but they are sleeping on the job when it comes to stopping the download of malware or even emergent threats associated with miscreants searching for exploitable websites.

No one is better placed to help secure the national critical infrastructure’s webservers than Google. If anyone should be able to tell that there are new searches for, say, a new vulnerable script in a websites cgi-bin directory, its Google. In fact, I know for a fact that they are capable of detecting it, and probably even record the emergence of these new scans for exploits. See their Zeitgeist site. They keep track of emergent search queries. So why don’t they report new web site scripting vulnerabilities to the Department of Homeland Security?

They just don’t care to, or it would violate their policy of cooperating with the United States Government, or its pure, simple elitism. But you can now use Google to look for malware used to install trojans and botnet software.

From CNET here:

H. D. Moore, creator of the Metasploit hacking tool, has crafted a search engine that finds malicious software using Google queries. The new “Malware” search engine finds Web sites hosting malicious files after a person enters the name of a virus or Trojan horse.To find the malicious software the new search tool uses a fingerprint of the executable and then searches for it using Google, according to the Web site. However, those who do try it won’t find much. Google has not indexed most malware yet and the signature database is still tiny, according to the Malware search site.

Launch of the new, public search site comes shortly after researchers at Websense Security Labs said they had been able to find thousands of examples of malicious code using Google’s search technology.