Malware Can't Hide From Google
Security researchers use the search engine to find malicious code on the Internet.
July 24, 2006
Google's search engine can find many things. Now security researchers are using Google to find malicious code.
HD Moore, the lead developer for the Metasploit Framework open source exploit project, created a tool and publicly posted code last week showing how to use Google to look for data strings within code defined as malicious. His tool includes a malware signature generator, a malware Google API signature search app, and a malware downloader.
Internet security firm Websense earlier this month described in general terms a toolset that uses the search engine's API to automate detection of malware and malicious code-infected sites. Dan Hubbard, Websense's senior director of security, says the company will share its search tools only with a select group of researchers. While security researchers routinely disclose the vulnerabilities they find in public, Hubbard says disclosing tools to find malicious code should be treated differently.
Moore disputed that, as well as Websense's claim of finding more than 2,000 sites hosting malware. "I was expecting better results than what I found," he says. Moore says he looked at 2,400 sample executables and found only 127 with malware. Websense's Hubbard says Moore's sample was likely too small and that Moore was looking for malware instead of attributes of malicious code.
Despite the intramural fighting, security pros now have new tools for seeking out malware.