New search engine to track down viruses

July 25, 2006

The hundreds of thousands of computer users whose PCs have been torn asunder by viruses could now have a new weapon in their arsenal against online attacks. A new search engine has been launched that will exclusively hunt down the pesky malware that make the lives of so many Net users a misery. Using a simple Google search, users will able to enter keywords into the Malware Search engine and track down live malware samples.

Malware -- the term is an amalgamation of "malicious" and "software" -- is the irritating software designed specifically to infiltrate and damage a computer system, and includes such beasties as Trojan horses, spyware, viruses and worms.

The engine has been developed by HD Moore, a well-respected software engineer who works as the director of security research at the Austin-based BreakingPoint Systems and who was responsible for creating the Metasploit hacking tool and the MoBB (Month of Browser Bugs) project. According to an interview in eWEEK, Moore was partly motivated to create by the announcement that Websense Security Labs were using the Google SOAP (Simple Object Access Protocol) Search API to find dangerous .exe files, or executables, that were sitting on Web servers. Although Google SOAP is free for anyone to use, Websense were only sharing the results of searches on private security mailing lists. Moore decided to take a more altruistic approach and, together with researchers from the Offensive Computing project, created Malware Search using open-source programs.

The engine would be simplicity itself to use -- in a user-friendly Web interface, Internet users just need to enter the names of the malware they want tracked down, such as "Bagle," "SoBig" or "MyDoom." The engine will then hunt through hundreds of thousands of Web sites to track down the ones that are hosting the malicious executables. The engine's site closely resembles Google's design, and as with Google, will bring up search results of the Web sites that were purposefully or inadvertently hosting the malware searched for. Broader searches can also be performed using more general search-terms such as "e-mail" or "Trojan." So far, the engine is limited to Google-based queries, but this may be expanded at some stage in the future.

Malware Search differs from other similar programs such as Netsense in that it is open source, making it more freely and widely available than its predecessors. Members of many of the online software interest forums such as Slashdot showed eager encouragement for the engine and saw potential uses in both the workplace and at home. IT managers for non-technology companies would be able to determine if any glitches in the behavior of their internal networks was due to malware sitting in one of the company's computers. At the broader level, Internet hosting providers would be able to keep tabs on their customers to see if any servers were hosting malware, and let the servers' operators know that their sites may have been breached. As one poster on Slashdot enthused, "The combination of this system and using Google for internal searches could make Google a sudden major competitor in the anti-malware campaign."

The program identifies specific malware without the Google application programming interface, using instead code string "fingerprints" from malware samples that the Malware Search programmers already have access to. According to Moore, the engine has already been programmed with 300 malware signatures, and there are plans to add a further 6,000 in a future bug update.

On the Net: metasploit.com/research/misc/mwsearch/index.html

Copyright 2006 by United Press International

Explore further: Study finds 'lurking malice' in cloud hosting services

Related Stories

Study finds 'lurking malice' in cloud hosting services

October 18, 2016

A study of 20 major cloud hosting services has found that as many as 10 percent of the repositories hosted by them had been compromised - with several hundred of the "buckets" actively providing malware. Such bad content ...

Lenovo stops Superfish preloads and issues advisory

February 21, 2015

Lenovo has seen calmer weeks. News sites in droves rang chimes and sirens over an adware program on some Lenovo models escalating to concerns about the potential risk of a Man in the Middle threat. Lenovo has been attempting ...

Fuzzy logic helps detect redirection spam

June 16, 2016

Web browsers might soon use fuzzy logic to spot redirection spam and save users from being scammed, phished or opening malicious sites unwittingly, according to researchers in India writing in the International Journal of ...

Antivirus software often fails to deter hackers

October 3, 2013

At a time when millions of computer users face increasingly sophisticated cyberattacks, the antivirus software they rely on to keep their information safe frequently fails to do the job.

Recommended for you

Samsung to disable Note 7 phones in recall effort

December 9, 2016

Samsung announced Friday it would disable its Galaxy Note 7 smartphones in the US market to force remaining owners to stop using the devices, which were recalled for safety reasons.

Swiss unveil stratospheric solar plane

December 7, 2016

Just months after two Swiss pilots completed a historic round-the-world trip in a Sun-powered plane, another Swiss adventurer on Wednesday unveiled a solar plane aimed at reaching the stratosphere.

Solar panels repay their energy 'debt': study

December 6, 2016

The climate-friendly electricity generated by solar panels in the past 40 years has all but cancelled out the polluting energy used to produce them, a study said Tuesday.

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.