New search engine to track down viruses

Jul 25, 2006

The hundreds of thousands of computer users whose PCs have been torn asunder by viruses could now have a new weapon in their arsenal against online attacks. A new search engine has been launched that will exclusively hunt down the pesky malware that make the lives of so many Net users a misery. Using a simple Google search, users will able to enter keywords into the Malware Search engine and track down live malware samples.

Malware -- the term is an amalgamation of "malicious" and "software" -- is the irritating software designed specifically to infiltrate and damage a computer system, and includes such beasties as Trojan horses, spyware, viruses and worms.

The engine has been developed by HD Moore, a well-respected software engineer who works as the director of security research at the Austin-based BreakingPoint Systems and who was responsible for creating the Metasploit hacking tool and the MoBB (Month of Browser Bugs) project. According to an interview in eWEEK, Moore was partly motivated to create by the announcement that Websense Security Labs were using the Google SOAP (Simple Object Access Protocol) Search API to find dangerous .exe files, or executables, that were sitting on Web servers. Although Google SOAP is free for anyone to use, Websense were only sharing the results of searches on private security mailing lists. Moore decided to take a more altruistic approach and, together with researchers from the Offensive Computing project, created Malware Search using open-source programs.

The engine would be simplicity itself to use -- in a user-friendly Web interface, Internet users just need to enter the names of the malware they want tracked down, such as "Bagle," "SoBig" or "MyDoom." The engine will then hunt through hundreds of thousands of Web sites to track down the ones that are hosting the malicious executables. The engine's site closely resembles Google's design, and as with Google, will bring up search results of the Web sites that were purposefully or inadvertently hosting the malware searched for. Broader searches can also be performed using more general search-terms such as "e-mail" or "Trojan." So far, the engine is limited to Google-based queries, but this may be expanded at some stage in the future.

Malware Search differs from other similar programs such as Netsense in that it is open source, making it more freely and widely available than its predecessors. Members of many of the online software interest forums such as Slashdot showed eager encouragement for the engine and saw potential uses in both the workplace and at home. IT managers for non-technology companies would be able to determine if any glitches in the behavior of their internal networks was due to malware sitting in one of the company's computers. At the broader level, Internet hosting providers would be able to keep tabs on their customers to see if any servers were hosting malware, and let the servers' operators know that their sites may have been breached. As one poster on Slashdot enthused, "The combination of this system and using Google for internal searches could make Google a sudden major competitor in the anti-malware campaign."

The program identifies specific malware without the Google application programming interface, using instead code string "fingerprints" from malware samples that the Malware Search programmers already have access to. According to Moore, the engine has already been programmed with 300 malware signatures, and there are plans to add a further 6,000 in a future bug update.

On the Net: metasploit.com/research/misc/mwsearch/index.html

Copyright 2006 by United Press International

Explore further: Apple helps iTunes users delete free U2 album

add to favorites email to friend print save as pdf

Related Stories

Filtering criminal dDOS attacks

Jun 23, 2014

A new hybrid filtering system to protect cloud computing services from distributed denial of service (dDOS) attacks has been developed by US and Indian researchers. They provide details in the latest issue of the International ...

Poor design means terrible websites still haunt the web

Jan 21, 2014

There is probably not one of us reading this who has not lost themselves in time and space as they surf the web. So much engaging content, so many interesting lines of enquiry – and so much rubbish too.

Antivirus software often fails to deter hackers

Oct 03, 2013

At a time when millions of computer users face increasingly sophisticated cyberattacks, the antivirus software they rely on to keep their information safe frequently fails to do the job.

Recommended for you

Apple helps iTunes users delete free U2 album

12 hours ago

Apple on Monday began helping people boot U2 off their iTunes accounts after a cacophony of complaints about not wanting the automatically downloaded free album by the Irish rock band.

Habitual Facebook users: Suckers for social media scams?

17 hours ago

A new study finds that habitual use of Facebook makes individuals susceptible to social media phishing attacks by criminals, likely because they automatically respond to requests without considering how they are connected ...

YouTube to go offline in India on Android phones

18 hours ago

YouTube users in India will soon be able to save videos from the Google-owned service, making it possible to watch them offline, and the feature will eventually be available globally, the company said Monday.

Facebook vs. loneliness

22 hours ago

Are people becoming lonelier even as they feel more connected online? Hayeon Song, an assistant professor of communication at UWM, explored this topic in recent research.

User comments : 0