Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Software Turns Google into a Virus Scanner 72

Kfleming writes "Websense, a security vendor, has developed software that uses a binary search feature built into Google to hunt down malware. Using this technique researchers at Websense have uncovered over 2,000 websites hosting malware, and are also able to detect legitimate sites that have been hacked. Could this binary search feature also be used to exploit Google and trick users into downloading malware?"
This discussion has been archived. No new comments can be posted.

Software Turns Google into a Virus Scanner

Comments Filter:
  • by gEvil (beta) ( 945888 ) on Saturday July 15, 2006 @09:25AM (#15724337)
    You don't say? [slashdot.org]
    • by mgblst ( 80109 ) on Saturday July 15, 2006 @09:32AM (#15724351) Homepage
      et tu, cowboyneal?
      • And why on earth does this reference a blog that just regurgitates a PC World [pcworld.com] article?

        Rhetorical question, obviously Cowboy Neal didn't want to spend more than 30 seconds on it.

        • by Anonymous Coward
          Blogs are the new spam. Digg is about 95% blogspam, and now slashdot too. You make a phoney blog, copy some article vertbatim from another site, flood your blog with ads, and get places like slashdot to link to it to increase your google pagerank, making it more likely that people will go to your ad-ridden site from google on searches.
    • I am not really sure whether these dupes in slashdot is accidental or by design.
      For one, this provides room for interesting and funny (eventhough cliched) comments
      Also, although may have originated as a mistake, this is also part of the /. tradition.
      So, just a way to maintain that.

      Earlier, when the site was managed by 5/6 overworked (or lazy) people, one can understand the happening of dupes etc.
      Now, when it is managed by a company, which easily can have processes to catch these dupes, I am not too sure.

    • Note to the editors (Score:5, Interesting)

      by Spackler ( 223562 ) on Saturday July 15, 2006 @12:03PM (#15724761) Journal
      Actually, a question:

      Editors: Do you read Slashdot?

      Sure, its flamebait, but this is a joke sometimes.
    • Slashdot should use Google search to find duplicate articles.
  • by Ariane 6 ( 248505 ) on Saturday July 15, 2006 @09:25AM (#15724338)
    He plans on using Google as an means to track down dupes on Slashdot!
    • And then use google to automatically find highly rated comments from the previous dupe and post them automagically to karma whore on /.

      Speaking of automatic, could someone develop coordinated automatic scripts to take over digg? If they vote on front page stories, how many zombie clients would it take to push your stupid story or slashvertisement to their page or maybe make a couple stories dupe or trupe. I think I read they do have some sort of uber editor that does promote and kill stories, so it is not
      • And then use google to automatically find highly rated comments from the previous dupe and post them automagically to karma whore on /.

        Actually, I read neither the article nor the comments from the previous story, I simply remember seeing it on the main page. My comment above was simply the first thing that came to mind (and I typed it rapidly, as evidenced by the glaringly inappropriate article).

        So, sorry, but I wasn't trying to karma whore.

        • It is pretty obvious you weren't whoring. Standard practice here is to cut and past some lengthy thoughtful (?) comment from the original or some previous version of the story to get karma with limited work. You wrote a simple one-liner.

          And apologies on /.? What are we coming to? only flames please...
    • Uh, mods, parent was joking. He is not planning to use Google to track dupes on slashdot, so mod "funny" not "interesting".
    • I'm not sure there's enough CPU power on Earth to do that.
    • If he needs assistance for doing that ... he's beyond help.
  • by Anonymous Coward on Saturday July 15, 2006 @09:27AM (#15724340)
    What is this google and where can i download it?

  • Malware (Score:4, Insightful)

    by the linux geek ( 799780 ) on Saturday July 15, 2006 @09:27AM (#15724342)
    Something that these 'security experts' seem to not understand is that the average user is ignorant of how computers/software work. Most users can't even be bothered to set up a password for their root/admin account. No amount of clever software is going to truly prevent the average user from loading his machine up with some form of malware. A step in the right direction would be simple things, like running as a non-root user by default.
    • Re:Malware (Score:2, Insightful)

      Thats a windows thing. Hopefully when they finally ship vista they will have a good user privilage system. A much better system compared tto beta 2 where you need to go through like seven steps just to delete a file.
    • Re:Malware (Score:2, Insightful)

      by postmortem ( 906676 )
      Well not only that, but average user has a need to install more or less- malware. The trash software industry that makes junk loaded with spuyware addware and other poorly written software, targets averageuser, not the experts. The amount of software today created, and used in world requires that main user of computer uses his root account at least sparingly. However, I see the problem of user ignorance as a problem that is not necessarily unsolvable. It is that unsafe practices of its users create additio
    • Re:Malware (Score:1, Interesting)

      by jabberwock ( 10206 )
      ... and if a frog had wings, he wouldn't whomp his ass every time he jumped.

      You're right, of course. But it's not so much "can't be bothered." Most users with an out-of-the box computer know of no reason to have a password other than for LOCAL security.

      Manufacturers and/or MS could force the issue. But I've never heard that proposed anywhere. With wireless routers (another example) I've at least heard it *suggested* that units be shipped with software that forces a password change, or with some (simpl
  • "Binary search" ?! (Score:5, Informative)

    by shreevatsa ( 845645 ) <shreevatsa.slash ... m ['il.' in gap]> on Saturday July 15, 2006 @09:30AM (#15724346)
    Not only is this a dupe [slashdot.org], it is also confusing that they use "binary search" to mean "searching inside binary files", and not binary search [google.com] in its usual sense [wikipedia.org] .
    • by jc42 ( 318812 )
      [I]t is also confusing that they use "binary search" to mean "searching inside binary files", and not binary search in its usual sense.

      Come now, my good fellow; surely you don't expect computer people to start to honor precedence in their terminology. Why, that would be, uh, I think the word is "unprecedented".

      We computer geeks have a long tradition of taking someone else's terminology and recycling it with meanings at odds with the earlier use. And in this case, the writer(s) probably thought they were i
  • by Anonymous Coward on Saturday July 15, 2006 @09:30AM (#15724348)
    What is a *.exe? Never seen that kind of file on any of my three operating systems. Good, one thing less to worry about.

    ... you dupe stories, I dupe replies.
  • by rs232 ( 849320 ) on Saturday July 15, 2006 @09:45AM (#15724373)
    The real story is why are we still getting 'Internet viruses' in the latter half of 2006 and why don't these 'security vendors' produce a soluton to the problem.
    • Simply stated, because the existence of this issue is highly profitable.
    • Because you and most other dummies are using a highly insecure operating system! That's why internet viruses still exist! The ONLY solution to this problem is to stop using Windows! Otherwise stop complaining at least.
    • Websense has stated they do not plan to make the code public at this time and only plan to share it with a select group of researchers

      ok so if I

      1. set up a honeypot account at yahoo and get a bunch of spam in it,
      2. scan it for viruses, if viral save a copy on a linux box,
      3. look at it with a hex editor and pick out some ascii strings,
      4. google the web for the strings inside the virus,

      then appearently I'm using some uber-secret technic that only the elite security professionals should know.

      OK so here is now the $25,00

    • R/DNA viruses have adapted to their environment over time just like code viruses have but the question that begs to be asked is will the code virus's evolution be something benign like the common cold merely being a nuisance yet coexisting with us with minimal bad side effects or towards a more Ebola like form of virulence where the end result for all future encounters is the mutual annihilation of itself and it's victim host.
      • "will the code virus's evolution be something benign like the common cold"

        To continue this analogy how about innoculating the system against future atacks. Create a processor that scrambles the microcode table. It has a run mode and an install mode. At install mode it scrambles the OP codes in the program to match the table. Any forign code attempting to run is stoped dead in its tracks.

        Or how to fix Windows. Create an embedded OS that runs an emulator that provides API functions to the applications.
  • by Goldenhawk ( 242867 ) on Saturday July 15, 2006 @09:45AM (#15724374) Homepage
    This looks suspiciously like self-promotion, trying to win a few dollars from Google AdSense placement. Yes, folks, Google can be used to make money. Who woulda known?

    Skip the linked article and go straight to the source:
    http://www.pcworld.com/news/article/0,aid,126371,0 0.asp [pcworld.com]

    All the link does is duplicate the story summary, and then link to the PCWorld article.
  • Pardon me... (Score:4, Informative)

    by WhiteWolf666 ( 145211 ) <sherwin@nOsPaM.amiran.us> on Saturday July 15, 2006 @09:48AM (#15724385) Homepage Journal
    But doesn't Google reliable obey Robots.txt ?

    Seems like a DotBomb business plan....
  • So... (Score:5, Funny)

    by multipartmixed ( 163409 ) on Saturday July 15, 2006 @10:22AM (#15724464) Homepage
    ...they are using the SOAP API to find virus-laden files.

    Theres gotta be a joke in there somewhere..

    "In Soviet Russia, SOAP cleans your computer!"

    No wait.

    "I for one welcome our freshly-washed overlords!"

    Crap, that doesn't really work, either.

    "Let's pour hot SOAP down Natalie Portman's pants!"

    Hmm. I wouldn't mind doing that, but it's not particularly funny.

    "Netcraft confirms it, SOAP can eliminate viruses!"

    "Hey, Goatse man, did you lose this?"

    .....ah, SCREW it. I have better things to with my time than to write comedy. Stephen King died today, and there are 300 victims of a Sri-Lankan Tsunami to worry about!

  • Big Deal (Score:3, Funny)

    by tisme ( 414989 ) on Saturday July 15, 2006 @10:32AM (#15724479)
    Big Deal, I have figured out how to use Google to eliminate my need to excrete bodily solids or fluids.
  • I don't really see how this can be made to exploit code. Its a search for binary within a file. Within a file being the important phrase. I mean it could be code to hijack your computer but it won't run unless you download it. And I doubt mom and pop are using google search inside binary files ever. Hell I never heard of it before today. Those that use it probably are a bit OCD about protecting their computers.
  • google will be able to scan your bedroom and tell you if your enviornment will cause you cancer or not :P
  • This is good news. The real gem that nobody seems to have commented on is google's bots which allow them to list the contents of a site automagically. I presume they have tacked Webenese onto them and watched the stats.

    It could be a real boon once it translates into search warnings. But I can see some nasty trouble ahead with False Negatives and False Positives once everybody making spyware/malware/adware/viruses/worms starts reacting to this new threat to their existence. If google decided my clever line o
  • A database of sites comprimised, using this binary Google scanner, to keep an accurate up-to-date record. Plug that record into a Firefox plugin, that will show if the website has been compromised in any way.

    (My apologies if this doesn't make much sense, I just had wisdom teeth dug out of my skull, and I'm on lortabs.)
  • "Could this binary search feature also be used to exploit Google and trick users into downloading malware?"

    OK, who disabled my CbN filter?

    'Could an empty coke can can be used to exploit hungry bears and trick them into drinking week old urine?'

    And please stop telling the idiot that it is ok to look, act, talk and otherwise communicate like an idiot in public...

"It takes all sorts of in & out-door schooling to get adapted to my kind of fooling" - R. Frost