Google's binary search helps uncover malware

by admin July 11, 2006 at 4:06 am

Nearly everyone has been affected by Google and its sheer ubiquity, to the point where “to google” has even become an officially recognized verb. Google gained this dominance by providing the best web searching service, which required the ability to quickly “crawl” the web, finding and indexing all the content it could get its hands on. Anyone who has set up a web server and peered at the access logs knows that the Google spiders come quickly and often.

One thing that most people weren’t aware of, however, is that Google is indexing more than just text and images. The search engine is also capable of indexing and searching binary files, a feature that the security firm Websense has been taking advantage of to uncover malicious and hacked web sites all over the world.

The company utilized a little-known feature of Google to search for binary strings representing Windows-based worms such as W32.Bagel and W32.Mytob. “They [Google] actually look inside the internals of an executable and index that information,” said Dan Hubbard, senior director of security at Websense.

Full article: Ars Technica