Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Development
    • IT Management

    Websense Mines for Malicious Code with Google

    By
    Ryan Naraine
    -
    July 10, 2006
    Share
    Facebook
    Twitter
    Linkedin

      Security researchers have a brand-new tool to use to go digging for malicious executables on the Web: The Google SOAP Search API.

      Malware hunters at Websenses Security Labs have figured out a way to use the freely available Google API to find dangerous .exe files sitting on thousands of Web servers around the world.

      The Google API uses the SOAP (Simple Object Access Protocol) and WSDL (Web Services Description Language) standards to offer developers an easy way to run search queries outside of the browser and, because of the way the search engine indexes executables, Websense was able to create code to look for strings associated with malware packers.

      Dan Hubbard, senior director of security and technology research at the San Diego-based Web filtering software firm, said the use of the Google API started as an experiment after bloggers noticed that some Google search queries were returning .exe files.

      When Google indexes an executable file, Hubbards research team found, the search engine parses the PE (Portable Executable) file format of the Windows executable. This means that queries can be written to extract items from the internals of the binary.

      Hubbard said Websense created code to query “unique identifiers” within the PE file format that would indicate that the file was potentially malicious.

      “Were finding literally thousands of sites with malicious code executables. From hacker forums, newsgroups to mailing list archives, theyre all full of executables that Google is indexing,” Hubbard said in an interview with eWEEK.

      About 15 percent of the results came back from legitimate Web sites hijacked by malicious hackers and seeded with executables. “We were able to find a lot of compromised sites distributing malware, most likely without the knowledge of the site owner,” Hubbard said.

      /zimages/4/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

      The queries also turned up pieces of spyware on popular online gaming sites and variants of the virulent Bagel and Mytob worms.

      “While we do not believe that the fact that Google is indexing binary file contents is a large threat, this is further evidence of a rise in Web sites being used as an method of storing and distributing malicious code,” Websense said in a research note announcing the experiment.

      “If you know what to search for within binaries, it could be a really good research tool,” Hubbard added.

      Hubbard said he plans to publish the full results of the experiment and the actual code used in the API queries on private security mailing lists to help other researchers automate the process of finding malicious Web sites.

      “At Websense, were mining almost 80 million Web sites every 24 hours to look for threats. The big issue is that you cant anymore wait for people to send you malware samples. You have to go out and proactively look for stuff,” he said.

      Researchers from Microsofts anti-malware engineering team are also working on an automated way to classify malware families and variants attacking Windows computers. Microsoft is proposing the use of distance-measure and machine learning technologies to come up with automatic classification of viruses, Trojans, spyware, rootkits and other malicious software programs.

      /zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Ryan Naraine

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×