NEW YORK: A security expert has created a search engine that can find malicious software using Google's database. H.D. Moore, who is known for his hacking tool Metaspoilt, said his Malware search engine can locate websites hosting malicious files if a person enters the names of a virus or a Trojan in the query field.
Malware uses a newly created search tool that employs a fingerprint of the executable code and carries out the search using Google.
The search normally does not yield many results, mainly because Google has not yet indexed most malware.
Earlier, Websense Security Labs, a web filtering products vendor, had developed a similar tool and claimed it can find thousands of examples of malicious code using Google's search technology. However, experts said most of the findings were files of malicious nature posted at Usenet newsgroups with false names. Websense did not release its tool to the public as it feared misuse by attackers.
It is a known fact that Google, which is widely used in searches for informative web pages and documents, can also search through binary information stored in the normally unreadable executable files that are run by Windows computers.
According to Moore, of some 2,400 samples he examined using his tool, 125 contained malware. As many as 90 popped up as part of malicious e-mail messages stored in online e-mail archives. The rest were from websites engaged in distributing malware.
Google has admitted that users can find malicious executables using its search engine and said it is making an effort to shield users from this code. An unwary user, going by Google's security, can be tricked by the malware owner into downloading viruses and Trojans, say security experts.
