Websense finds malware with Google

Research highlights the ease of finding malcode on the web

Research from Websense Security Labs has found that thousands of malicious binaries are available on the web.

Websense searched Google with Google's own application programming interface to find malicious executables indexed by the search engine.

A Google query for 'Signature: 00004550' results in numerous links to executable files. The search works because when Google indexes an executable file, it parses the PE file format of the Windows executable.

'This does look alarming, but you have to know exactly what you are looking for in order to find this code,' said Websense technical director Mark Murtagh.

The malicious code is mostly posted to newsgroups with false names that would normally trick a user. Websense also found it on forum sites, as well as regular personal, educational, compromised, and underground sites. Several pieces of spyware were found on poker and casino sites.
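The value in the query is the PE signature field: the bytes "PE\0\0" read as a little-endian 32-bit number are 0x00004550. The following added example (not code from Websense or Google) shows how a defender can use the same field to spot an executable hiding behind a misleading file name; the extension list, function names and sample bytes are assumptions constructed for illustration.

```python
import struct

PE_SIGNATURE = 0x00004550  # "PE\0\0" read as a little-endian DWORD
# Assumed list of extensions that honestly announce an executable.
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".scr", ".sys", ".cpl"}


def pe_signature(data: bytes):
    """Return the NT header Signature DWORD, or None if data is not a PE image."""
    # DOS header: 'MZ' magic at offset 0, e_lfanew (offset of NT headers) at 0x3C.
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Reject offsets that point outside the buffer (truncated or malformed file).
    if e_lfanew + 4 > len(data):
        return None
    (signature,) = struct.unpack_from("<I", data, e_lfanew)
    return signature if signature == PE_SIGNATURE else None


def classify(filename: str, data: bytes) -> str:
    """Compare what the file name claims with what the content actually is."""
    if pe_signature(data) is None:
        return "not-pe"
    dot = filename.rfind(".")
    ext = filename[dot:].lower() if dot != -1 else ""
    return "pe" if ext in EXECUTABLE_EXTENSIONS else "pe-disguised"


def build_sample_pe_header() -> bytes:
    """Constructed sample: DOS header plus NT signature only, not a runnable program."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)  # NT headers start at offset 0x80
    return bytes(dos) + bytes(0x80 - 0x40) + struct.pack("<I", PE_SIGNATURE)


if __name__ == "__main__":
    sample = build_sample_pe_header()
    print("Signature: %08X" % pe_signature(sample))
    for name, blob in [("setup.exe", sample), ("holiday_photo.jpg", sample),
                       ("notes.txt", b"plain text"), ("cut.exe", sample[:0x50])]:
        print(name, "->", classify(name, blob))
```
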

The discovery is likely to open up the debate on open-sourcing. Although this is a useful tool for security experts to discover malicious code online, it is also there for malcode authors to use.

'Criminals generally work quicker and are faster to respond to malcode being published online. Full disclosure on day 1 only helps the attacker,' said McAfee security analyst Greg Day.

But Richard Starnes, president of the Information Systems Security Association, disagrees.

'Trying to regulate content on the internet is a losing battle. If it's there people can pull it off, write signatures, and then know if they are under attack or not,' he said.
