Software Turns Google into a Virus Scanner 72
Kfleming writes "Websense, a security vendor, has developed software that uses a binary search feature built into Google to hunt down malware. Using this technique researchers at Websense have uncovered over 2,000 websites hosting malware, and are also able to detect legitimate sites that have been hacked. Could this binary search feature also be used to exploit Google and trick users into downloading malware?"
Re:For his next project... (Score:3, Interesting)
Speaking of automatic, could someone develop coordinated automatic scripts to take over digg? If they vote on front page stories, how many zombie clients would it take to push your stupid story or slashvertisement to their page or maybe make a couple stories dupe or trupe. I think I read they do have some sort of uber editor that does promote and kill stories, so it is not total control...
Re:Malware (Score:1, Interesting)
You're right, of course. But it's not so much "can't be bothered." Most users with an out-of-the box computer know of no reason to have a password other than for LOCAL security.
Manufacturers and/or MS could force the issue. But I've never heard that proposed anywhere. With wireless routers (another example) I've at least heard it *suggested* that units be shipped with software that forces a password change, or with some (simple?) security.
But there would be all those calls to India
-jeff
http://www.beautyfromafar.com/ [beautyfromafar.com]
Re:"Binary search" ?! (Score:3, Interesting)
Come now, my good fellow; surely you don't expect computer people to start to honor precedence in their terminology. Why, that would be, uh, I think the word is "unprecedented".
We computer geeks have a long tradition of taking someone else's terminology and recycling it with meanings at odds with the earlier use. And in this case, the writer(s) probably thought they were inventing a new phrase. Chances are that they've never heard of binary trees, much less anything to do with using them for sorting and searching.
Note to the editors (Score:5, Interesting)
Editors: Do you read Slashdot?
Sure, its flamebait, but this is a joke sometimes.
Re:the real story is .. (Score:3, Interesting)
ok so if I
- set up a honeypot account at yahoo and get a bunch of spam in it,
- scan it for viruses, if viral save a copy on a linux box,
- look at it with a hex editor and pick out some ascii strings,
- google the web for the strings inside the virus,
then appearently I'm using some uber-secret technic that only the elite security professionals should know.OK so here is now the $25,000.00 question,
Given that google crawls the web, and it crawls the web by following publicly visable links, wouldn't how the google spiders got to the viral binary through the links, be much more interesting than the fact that the virus was there?
If you have a website, how hard would it be to write a perl script that crawls the site via the FTP, fingerprints the files, remembers which files have changed and feeds any files that did through clamAV; seems pretty simple to me.