New Hacker-Friendly Google Malware Search

Update: According to Moore, Google didn’t contact him directly and ask him to censor the logo, and he considers the “censored” label to be amusing. Also, the malware search doesn’t use the Google API (see Ryan’s story for an explanation of how it works).

Update #2: Looks like Google is removing those malware files from their index. Searches on the malware tool are turning up empty.

Update #3: Google’s official response: “As part of Google’s efforts to index all of the information online we find that on occasion malicious executable files become available to users through Google web search. We deplore these malicious efforts to violate our users’ security. When possible, we endeavor to shield our users from these executable files, however we always encourage users to keep their security software up-to-date to ensure the safest web surfing experience.”
File this under “bound to happen sooner or later.” A security researcher has created a new malware search Web site using Google’s search engine and released it to the Web community.

H.D. Moore, creator of the Metasploit hacking tool, has released a search engine (pictured at left) that finds live malware samples through Google queries. Security research firm WebSense created a similar service using the Google API last week but, according to Moore, WebSense was only releasing the code to specific security mailing lists. So Moore decided to roll his own consumer-friendly version over the weekend.

The new engine can locate about 300 different malware signatures, and Moore says he’ll add 6,000 more in an update. Just type in a query, find live code, and you’re ready to rock.

Somewhere right now, a lawyer is drafting a cease and desist letter. Looks like that letter arrived.