Slashdot: News for Nerds

Virus Trackers Find Malware With Google

Zonk posted about 8 years ago | from the bug-hunters dept.

Casper the Angry Ghost writes "Malware hunters have figured out a way to use the freely available Google SOAP Search API, as well as WDSL, to find dangerous .exe files sitting on thousands of Web servers around the world. Queries can be written to examine the internals of web-accessible binaries, thus allowing the hunters to identify malicious code from across the internet." From the article: "We're finding literally thousands of sites with malicious code executables. From hacker forums, newsgroups to mailing list archives, they're all full of executables that Google is indexing. About 15 percent of the results came back from legitimate Web sites hijacked by malicious hackers and seeded with executables."

113 comments

do no evil, rat out evil (5, Interesting)

yagu (721525) | about 8 years ago | (#15698349)

This raises Google's "no evil" equity significantly. Any mechanism to sniff out, identify, and hopefully proactively take measures to protect against the evil that is the web and its sinister demographic is a good thing.

So, Google takes the "do no evil" a step further and calls evil out.

There is a quote from the article I don't quite understand,

"While we do not believe that the fact that Google is indexing binary file contents is a large threat, this is further evidence of a rise in Web sites being used as a method of storing and distributing malicious code," Websense said in a research note announcing the experiment.

Is there some potential badness that Google is indexing binary file content? What might that be?

Re:do no evil, rat out evil (5, Interesting)

mrxak (727974) | about 8 years ago | (#15698430)

It's not really Google that's doing it, it's Websense using a Google tool.

In any case, the only thing I can figure about the quote is that Google indexing these sites helps to spread the malware around. Somebody could type in "l337 hax0rs hax" and end up at a malware site.

Re:do no evil, rat out evil (3, Insightful)

ZachPruckowski (918562) | about 8 years ago | (#15698515)

In any case, the only thing I can figure about the quote is that Google indexing these sites helps to spread the malware around.

Only if you're looking for it in the first place (like if you're a hacker). It doesn't affect Joe-Average.

Re:do no evil, rat out evil (1)

mrxak (727974) | about 8 years ago | (#15698598)

Well that's what I mean. This is all speculation on a not-so-clear quote, but it sounded like that by indexing these websites, it was making these malicious sites available to those who would use them for evil. But again, he was saying that this was not really a concern.

I really have no idea why this was included in the article at all.

Re:do no evil, rat out evil (2, Funny)

Elemenope (905108) | about 8 years ago | (#15698908)

I really have no idea why this was included in the article at all.

For 'balance'. Duuuuhhh!

Re:do no evil, rat out evil (1)

ZachPruckowski (918562) | about 8 years ago | (#15698971)

Well, having seen spammer message boards, and based on the descriptions most anti-virus companies or researchers post, it seems unlikely that this'll be bringing new virus code to hackers (since they can already get info on almost anything already exploited), it's mostly just effectively telling everyone where pre-existing viruses are.

Re:do no evil, rat out evil (1)

StarvingSE (875139) | about 8 years ago | (#15699437)

I think a nice quote from Spiderman will suffice: "With great power comes great responsibility." Google can either use this info to warn users of potentially harmful sites, and to warn system administrators if there is a malware problem with their server. Google could even go so far as to temporarily take sites infected with malware out of their search listings until the server is cleaned up.

On the evil side, google could just make it easier for people to gain access to malware. I think it's probably going to be the former option.

Re:do no evil, rat out evil (1)

infaustus (936456) | more than 7 years ago | (#15702959)

You're assuming it's labeled as malware, and not just on one of those pages that aren't actually porn that google returns when you're searching for porn.

Re:do no evil, rat out evil (0)

Anonymous Coward | about 8 years ago | (#15698587)

interestingly, google turns up no results for that yet, so...the first one should be your post as soon as google gets around to archiving it. :)

Re:do no evil, rat out evil (1)

just_another_sean (919159) | about 8 years ago | (#15698704)

Would have modded this funny but I must be tired because my sarcasmo-meter is not working.

Somebody could type in "l337 hax0rs hax" and end up at a malware site.

Surely if that is the query then they *want* to end up at a malware site?

(O.K. Feel free to follow up with the "whoosh" comments now). :-)

Re:do no evil, rat out evil (2, Funny)

BecomingLumberg (949374) | about 8 years ago | (#15698960)

Somebody could type in "l337 hax0rs hax" and end up at a malware site.

You know, in Alaska, they have a joke about how one goes about hunting Polar Bears.... 'just go out there, they will find you.'

Re:do no evil, rat out evil (2, Funny)

JW.Axelsen.Sr. (986276) | about 8 years ago | (#15699786)

Somebody could type in "l337 hax0rs hax" and end up at a malware site.

http://www.google.com/search?q=l337+hax0rs+hax [google.com]

too right, some of the results are humorous

(2nd page)

Is Your Son a Computer Hacker - Comments - Page 1
sooo in other words... i must be a "l337" hacker because as a magic 8ball says ... what Flash really is, or is 75% of all companies of THE WORLD, hax0rs? ...
www.adequacy.org/stories/hacker.comments.page.1.html - 887k - Cached - Similar pages

N074H4x0r ... I'm no Hacker
The B3atles Were Hax0rs. They were singing about SQL Injection, and like encryption and stuff ... I don't sp34k l337, I refer to my friends by their names, ...
n074h4x0r.blogspot.com/ - 144k - Cached - Similar pages

Re:do no evil, rat out evil (2, Insightful)

Anonymous Coward | about 8 years ago | (#15698444)

I think you're getting a little ahead of yourself in giving Google credit for this. It's not like creating an interface for malware hunting was intentional on their part...

Re:do no evil, rat out evil (0)

Anonymous Coward | about 8 years ago | (#15698550)

This just in, Ginsu being blamed for horrible knife murders!

Re:do no evil, rat out evil (2)

diersing (679767) | about 8 years ago | (#15698672)

Why not? Gun manufacturers have been sued for less.

Re:do no evil, rat out evil (1)

Mister Whirly (964219) | about 8 years ago | (#15699012)

And in every case the dead person was brought back to life...

Re:do no evil, rat out evil (0, Redundant)

Grue_Food (442478) | about 8 years ago | (#15698459)

Yagu said "So, Google takes the "do no evil" a step further and calls evil out."

Hmmm... Just wondering, when Gates came out, was he wearing his mithral shirt with the +50 anti-malware spell?

Re:do no evil, rat out evil (4, Insightful)

jc42 (318812) | about 8 years ago | (#15698730)

Is there some potential badness that Google is indexing binary file content? What might that be?

The computer industry does have a nasty history of "shooting the messenger" when malware is reported. People really don't want to know that their machine has been compromised, especially if it implies lax security on their part. They routinely react by firing or prosecuting the people who do anything to pinpoint security problems like this. We can expect to read stories of threats against people who use this Google feature to find security problems.

The obvious explanation here is the old "stupidity rather than malice" saying. But this might not always be true. When someone in authority attempts to punish someone for exposing a security problem, you should probably assume that they understand what they're doing and have a motive for their action. It's likely that some of those with the authority to punish messengers are doing so because they don't want the problems exposed, for reasons of personal (or institutional) profit.

Indexing these MAY be exploitable (5, Interesting)

ratboy666 (104074) | about 8 years ago | (#15698744)

The idea is to code the exploit in such a way that Google extracts the exploit itself as the content description in the index. This probably gives 200 bytes or so for the entire exploit (maybe more, I don't have time to try this stunt right now).

The idea is to put up useful content into the web site, along with the exploit. Google will index, and when the target searches google, the code will be injected into the search results.

Of course, this needs hacking; both trying to figure out what google will allow in the content section, and to find a browser exploit that can be exploited.

Just sayin...

Your point of trust (as the target) is your browser. Which means ONLY open source browsers should be used. Those, at least, are controllable as to the exposure and behaviour when being delivered content.

Ratboy

Re:Indexing these MAY be exploitable (1)

hal9000(jr) (316943) | about 8 years ago | (#15698854)

Interesting until the reared its ugly head.

Ratboy, you're not making sense with this: Your point of trust (as the target) is your browser. Which means ONLY open source browsers should be used. Those, at least, are controllable as to the exposure and behaviour when being delivered content.

Most users who are 1) not programmers or 2) are programmers but have no familiarity with a particular browser source tree, don't have any more control over how content is handled by the browser with the exception of using other 3rd party plug-ins (firefox extensions, etc). So the real point here is that any browser with a vulnerability is a potential target of the types of exploits you're talking about, open source or not.

Re:Indexing these MAY be exploitable (2)

ratboy666 (104074) | about 8 years ago | (#15698978)

You are right. I am knee-deep in a job, and just wanted to rant at the end. Sorry.

Ratboy.

Re:do no evil, rat out evil (1)

Glog (303500) | about 8 years ago | (#15699047)

Not sure what you are saying there ... Let's say a researcher uses a microscope to find a very deadly bacteria/virus; is the microscope company to blame for the find? Google is in the same position. The best thing they can do is to stop indexing sites with such content. But then where do we stop? Who decides what is malicious and what is not? Placing a prominent warning on search results may help google users avoid such sites. But then Google is the loser - it's the same effect as placing gruesome images on cigarettes. Google is in a pretty tight spot here.

Re:do no evil, rat out evil (4, Insightful)

pclminion (145572) | about 8 years ago | (#15699144)

So, Google takes the "do no evil" a step further and calls evil out.

Drop the stupid melodrama. Google is a mechanism for searching for strings of bytes inside other strings of bytes, and prioritizing the results according to certain algorithms. "Calling evil out?" You're insane. I suppose the ANSI C function strstr() is also a Wielder Of The Sword Of Righteousness?

Is there some potential badness that Google is indexing binary file content? What might that be?

How about the RIAA using it to locate caches of MP3 files? It's plausible that a person might have personal backups of their music collection (or *shock* music they purchased on iTunes) and accidentally have those files on a public web server. (Or they could be pirates -- the point is, the technology is not "good" nor is it "evil").

Re:do no evil, rat out evil (-1, Troll)

Anonymous Coward | about 8 years ago | (#15699201)

you're kind of an asshole

Re:do no evil, rat out evil (1)

pclminion (145572) | about 8 years ago | (#15699250)

you're kind of an asshole

Thanks. I try to keep my uncivilized behavior limited to Slashdot.

SOAP? (5, Funny)

breckinshire (891764) | about 8 years ago | (#15698359)

Google SOAP Search API
Is there anything that the Snakes on a Plane Search API can't do?

Re:SOAP? (0)

paradigmdream (915171) | about 8 years ago | (#15698436)

Snakes on a plane was the first thing that popped into my mind when i read the article summary

Re:SOAP? (0)

Anonymous Coward | about 8 years ago | (#15698905)

Funny that snakes on a plane comes to mind first, rather than, well, soap.

Re:SOAP? (1)

szrachen (913408) | about 8 years ago | (#15699198)

Yes, your answer is:
generate enough revenue to pay for itself.

(at least I hope not... God help us all if it does)

Re:SOAP? (1)

orielbean (936271) | about 8 years ago | (#15699306)

When I saw the ad for that movie, I shouted out at the end of the trailer "how are they gonna land the plane without Samuel??" What a crapload.

Re:SOAP? (1, Funny)

Anonymous Coward | about 8 years ago | (#15700746)


Google SOAP Search API

Is there anything that the Snakes on a Plane Search API can't do?


Enough is enough! I've had it with this motherfucking malware on this motherfucking Google!

Correction (4, Informative)

BRSQUIRRL (69271) | about 8 years ago | (#15698363)

That's WSDL [wikipedia.org] , not WDSL. I felt really stupid for a moment trying to figure out what the heck WDSL was.

Re:Correction (1)

k4_pacific (736911) | about 8 years ago | (#15698571)

It's a radio station [wdslradio.com] in North Carolina. Duh.

Re:Correction (1)

Ryan Amos (16972) | about 8 years ago | (#15698745)

But everyone pronounces it "wit-zul"!

What Are They Talking About (2, Funny)

Anonymous Coward | about 8 years ago | (#15698374)

What is a *.exe? Never seen that kind of file on any of my three operating systems. Good, one thing less to worry about.
 

Re:What Are They Talking About (0)

Anonymous Coward | about 8 years ago | (#15698516)

OMG you are so fucking lame^H^H^Heet!

Re:What Are They Talking About (1, Funny)

Anonymous Coward | about 8 years ago | (#15698864)


$ whatis .exe
.exe: nothing appropriate

Future Wikipedia (-1, Troll)

hey (83763) | about 8 years ago | (#15698888)

From a future Wikipedia: .EXE's are binary executables from an operating system called DOS (later rebranded as Windows) that was amazingly once the dominant operating system on the Earth in the late twentieth century.
Approximately 83.5% of EXE's were partly or entirely viruses. Hard as it is to believe now-a-days people actually paid for this bug-ridden, insecure OS. Indeed at the time one of the founders of the company that produced Microsoft became the richest man in the world. This was at a time when money was more important than it is now -- health care wasn't yet universal and software was not all free.

So wait... (3, Funny)

Skynet (37427) | about 8 years ago | (#15698376)

Google is connecting to the whole Internet to fight a global virus infection?

MY DAY HAS COME!!! MNMUAUAUAU!

EXECUTE? [Y/N] _

Re:So wait... (1)

Mayhem178 (920970) | about 8 years ago | (#15698965)

EXECUTE? [Y/N] N
_

gg no rm

Re:So wait... (0)

Anonymous Coward | about 8 years ago | (#15699347)

Curse you, Mayhem178! You've foiled me again...

Y! (1)

antdude (79039) | about 8 years ago | (#15700332)

EXECUTE? [Y/N] Y

Re:Y! (0)

Anonymous Coward | about 8 years ago | (#15700504)

Before you listen to any more drivel by 'AntDude [slashdot.org] ', take a look at who you're dealing with: http://pbx.mine.nu/antdude.jpg [pbx.mine.nu] . The abortion in the center is 'AntDude'. I won't even get into discussion about him listing his 'sex' as 'female' on his SHITTY 'blog' (aqfl.net [aqfl.net] ). This faggot has nothing better to do than sit on the internet and spew worthless garbage. He's the new LostCluster [slashdot.org] when it comes to posting utterly worthless tripe. Not to mention his submitted stories! Every single one of his last 10 or so submissions have been tagged as 'lame' or 'slownewsday'. Why does taco even bother posting his shit. Maybe he gets some tiny deformed chinese cock up his taco ass in exchange for some linkspam with google ads? Do the world a favor and never reply to comments from ANTDUDE and mark him as a FOE [slashdot.org] .

Re:Y! (0)

Anonymous Coward | about 8 years ago | (#15700867)

EXECUTE ANTDUDE? [Y/N]

Y

Re:Y! (1)

antdude (79039) | more than 7 years ago | (#15703521)

ACCESS DENIED.

Re:Y! (0)

Anonymous Coward | more than 7 years ago | (#15703785)

how the christ is all this faggotry getting past the capslock filter?

Little did you know (3, Funny)

neonprimetime (528653) | about 8 years ago | (#15698383)

About 15 percent of the results came back from legitimate Web sites hijacked by malicious hackers and seeded with executables

Little did you know, even /. was hijacked! But the /. masses were not affected because the executables don't run on linux!

Re:Little did you know (1)

syntaxglitch (889367) | about 8 years ago | (#15698449)

Are you making a joke by implying that Slashdot's servers are insecure, by implying that Slashdot's servers run on Windows, or by implying that most Slashdot users run Linux?

Because I'm pretty sure all three are unlikely, but potentially humorous.

Re:Little did you know (-1)

Anonymous Coward | about 8 years ago | (#15698526)

Are you making a joke by implying that Slashdot's servers are insecure, by implying that Slashdot's servers run on Windows, or by implying that most Slashdot users run Linux?

abstract post == karma whore

Re:Little did you know (0)

Anonymous Coward | about 8 years ago | (#15698903)

karma whore caller = karma whore

Re:Little did you know (0)

Anonymous Coward | about 8 years ago | (#15698528)

Are you making a joke by implying that Slashdot's servers are insecure ... Because I'm pretty sure all three are unlikely, but potentially humorous.

You do know that slashdot has been hacked in the past, right?

Re:Little did you know (0)

Anonymous Coward | about 8 years ago | (#15700677)

You do know that slashdot has been hacked in the past, right?

Yeah, right. Provide a reference, or STFU.

Re:Little did you know (1)

pete.com (741064) | about 8 years ago | (#15698517)

...or on a MAC, unless you run bootcamp that is :-0

Re:Little did you know (5, Funny)

yourOneManArmy (986080) | about 8 years ago | (#15698685)

Actually, the real reason it was ineffective was because they put the executables in an article link.

Re:Little did you know (1)

Elminst (53259) | about 8 years ago | (#15699314)

I figured it'd be because this same info was posted 2 years ago, so this recent revelation was tagged as "dupe" and no one read it.

SiteAdvisor (2, Insightful)

torunforever (930672) | about 8 years ago | (#15698427)

Is this similar to what SiteAdvisor [slashdot.org] is doing?

Web Site Contact (3, Interesting)

RetroGeek (206522) | about 8 years ago | (#15698471)

I hope the authors are planning to contact the affected site owners. The article did not mention this.

They could also build a list of these sites to periodically check them to make sure the malware files have been removed.

And it would be nice if they allowed a search facility so some FireFox/SeaMonkey plugin could check to see if that site you are going to has malware installed.

Re:Web Site Contact (3, Insightful)

badfish99 (826052) | about 8 years ago | (#15698795)

Given the current state of the law, it is really dangerous to contact a site owner and tell him that his site is insecure. It is quite likely that you will be prosecuted for "unauthorised access" to the site.

Much better to just add the site to your personal list of things to avoid, and then forget about it.

Re:Web Site Contact (2, Interesting)

Billosaur (927319) | about 8 years ago | (#15699284)

Given the current state of the law, it is really dangerous to contact a site owner and tell him that his site is insecure. It is quite likely that you will be prosecuted for "unauthorised access" to the site. Much better to just add the site to your personal list of things to avoid, and then forget about it.

Which doesn't help the rest of us. And why should a site owner get all bent out of shape if you tell them something they didn't happen to know? They must not be in direct control of the site or are pretty lazy if they are allowing this malware to pile up. And they won't be popular for very long if people catch on that the site is infecting them.

Re:Web Site Contact (3, Interesting)

jafiwam (310805) | about 8 years ago | (#15699058)

Actually, what would be cool is a plugin that can do searches in the background (maybe based on urls linked in a page being currently viewed) and put up an automatic block or popup for the user to know that the link has malware.

Or maybe a system to allow automatic DNS cache injection (on my own DNS client) to prevent lookups going to the correct (infected) site.

Once sites realize that big parts of the user base are cutting them off preemptively, they'll take notice and get rid of the crap so they can get users back.

Re:Web Site Contact (2, Interesting)

Web Goddess (133348) | about 8 years ago | (#15699206)

Exactly! I was wondering how to use this tool to scan my own website for bad critters.

Re:Web Site Contact (1)

gedeco (696368) | more than 7 years ago | (#15703686)

I hope the authors are planning to contact the affected site owners.

Given the fact that websense sells a product to block users visiting different websites, I believe they will use the data for their products database.

This has... (2, Funny)

Joebert (946227) | about 8 years ago | (#15698473)

... worlds dumbest criminals written all over it.

Securing the Search Engine? (5, Interesting)

Alamoth (927972) | about 8 years ago | (#15698479)

It seems to me that the possibilities for uses of this application of SOAP would be highly beneficial. My initial thought would be the ability to filter your Google searches so that websites that are potentially carrying MalWare are either flagged or not shown at all.

The 15% of sites that are reputable sites being attacked are the biggest threat. These are probably websites people visit often, and people should be warned. Perhaps even web browsers such as firefox and i.e. could incorporate the API into a toolbar and warn users before a dangerous site loads.

My only question is how long does it take for the API to verify the potential threat of a webserver? Is it fast enough for these applications to be feasible? No one wants to wait for their websites to load.

Re:Securing the Search Engine? (3, Insightful)

ZachPruckowski (918562) | about 8 years ago | (#15698561)

I think the real question is "How accurate is it?" I mean that in the sense that "false positives" could be the basis of a slander lawsuit, and "false negatives" are even more dangerous than no warning.

I mean, Joe Average, assuming we get him to eventually worry about malware, might look at the SOAP thing, not see a warning, and assume that means it's a safe site (which may or may not be true). Then he'll get nailed, thinking other precautions are unnecessary.

Re:Securing the Search Engine? (2, Insightful)

Secret Agent X23 (760764) | about 8 years ago | (#15698803)

My initial thought would be the ability to filter your Google searches so that websites that are potentially carrying MalWare are either flagged or not shown at all.
I thought of that, too. But then it occurred to me that the legal folks at Google would probably see it as nothing more than a lawsuit waiting to happen.

Re:Securing the Search Engine? (1)

zobier (585066) | more than 7 years ago | (#15703171)

A black/whitelist would be more efficient.

How to (5, Interesting)

mailspam (988188) | about 8 years ago | (#15698525)

Search on google for something like signature:00004550 inurl:exe
Then, click View HTML

Re:How to (1)

morgan_greywolf (835522) | about 8 years ago | (#15698861)

Sure, that'll get you Windows .exe files, but most of the ones I see with that query are common downloads like Cygwin's setup.exe or the Perl installer or FileZilla's installer. What other sorts of keywords would you add?

Re:How to (1)

Beryllium Sphere(tm) (193358) | about 8 years ago | (#15698986)

Which gets you all Portable Executable files. How do you search for particular executables, for example to search for known malware? (Known malware that isn't polymorphic or in a packer, but virus scanners have the same problem).

Re:How to (2, Informative)

Opportunist (166417) | about 8 years ago | (#15699527)

Well, a lot of current malware is binary (mostly) identical in most of its variants. There are (sadly or luckily) few of the "old school" virus writers around anymore that take their time to carefully craft polys, so you have a decent chance that if you have a sample, you get an idea of its spread.
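The `signature:00004550` query from the "How to" post matches the PE signature, the bytes `PE\0\0` read as a little-endian DWORD. As an added example (not part of any comment in this thread), the check below can be run by a site owner over their own web root: it reports every file carrying that signature, whatever its extension, and hashes it for comparison against a known sample. The directory layout, file names and PE stub are constructed for the demonstration.

```python
import hashlib
import os
import struct
import tempfile

PE_SIGNATURE = 0x00004550  # bytes "PE\0\0" read as a little-endian DWORD


def read_pe_signature(path):
    """Return 0x00004550 if the file has an MZ header pointing at a PE signature."""
    with open(path, "rb") as fh:
        dos = fh.read(0x40)  # fixed-size DOS header
        if len(dos) < 0x40 or dos[:2] != b"MZ":
            return None
        (e_lfanew,) = struct.unpack_from("<I", dos, 0x3C)  # offset of PE header
        fh.seek(e_lfanew)
        raw = fh.read(4)
    if len(raw) != 4:
        return None  # truncated file or bogus offset
    (sig,) = struct.unpack("<I", raw)
    return sig if sig == PE_SIGNATURE else None


def sha256_file(path):
    """Hash a file in chunks so large downloads do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_webroot(root, known_sha256=frozenset()):
    """List PE files under root, flagging exact matches with known samples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                if read_pe_signature(full) is None:
                    continue
                digest = sha256_file(full)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            findings.append({
                "path": os.path.relpath(full, root).replace(os.sep, "/"),
                "sha256": digest,
                "named_exe": name.lower().endswith(".exe"),
                "known_sample": digest in known_sha256,
            })
    return sorted(findings, key=lambda f: f["path"])


def make_constructed_pe_stub():
    """Constructed sample: just enough header for the signature check, not a real program."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)  # e_lfanew -> 0x80
    return bytes(dos) + b"PE\x00\x00" + bytes(20)


def demo():
    """Build a constructed web root in a temp directory and scan it."""
    stub = make_constructed_pe_stub()
    known = {hashlib.sha256(stub).hexdigest()}  # stands in for a known sample's hash
    layout = {
        "index.html": b"<html>hello</html>",
        "cgi/status.exe": b"#!/bin/sh\necho ok\n",  # .exe in the name, not a PE file
        "downloads/setup.exe": stub + b"\x01",      # PE, differs from the sample by one byte
        "images/logo.gif": stub,                    # PE hidden behind an image extension
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, content in layout.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(content)
        return scan_webroot(root, known)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The exact-hash comparison only catches byte-identical copies of a sample, which is why the one-byte variant in the demo is reported as a PE file but not as a known sample.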

Re:How to (2, Informative)

MrVictor (872700) | about 8 years ago | (#15699170)

Google can also filter results by file extension. eg: filetype:exe

Re:How to (1)

pe1chl (90186) | about 8 years ago | (#15700477)

Did you try that? It does not work, at least here it doesn't.

Re:How to (1)

MrVictor (872700) | about 8 years ago | (#15701702)

Yes, it works. You need to provide keywords as well. Search for Image File Header filetype:exe

Just be careful when clicking the search links... (4, Funny)

jbarr (2233) | about 8 years ago | (#15698541)

Though it may be obvious to most, if you execute the Google search, don't just start clicking on the returned links, because the links point to virus-infected files. Our Trend Micro Office Scan immediately caught several viruses after clicking on several links...

Re:Just be careful when clicking the search links. (0)

NatasRevol (731260) | about 8 years ago | (#15698748)

I'll click on all the damn links I want!! I've got a Mac!!

Oh, wait, I just got a new MacBook/Parallels/WinXP. Dammit!!

Well, malware *writers* can do the same (2, Interesting)

iamacat (583406) | about 8 years ago | (#15698567)

Sniff everyone's servers for vulnerable binaries and do targeted attacks instead of random IP scans.

Erh... nope (1)

Opportunist (166417) | about 8 years ago | (#15699544)

The binaries you can find through Google are not the binaries the server is running on, it's the binaries it offers. Can be quite different, considering how many PE binaries exist on servers that should actually run ELF ones.

McAfee, Norton, and the legend of Bagger Vance (0)

Anonymous Coward | about 8 years ago | (#15698593)

It would have been impressive if only it was McAfee, Norton or such. But wait! They are getting paid for their products, why bother? :)

Am I only to believe that security researchers all over the web, some or many of them doing it on their own time, are the ones who really do the job? The anti-virus-and-malware companies do not seem to have proactive R&D, let alone R&D..

Wait a second... (1)

dominion (3153) | about 8 years ago | (#15698631)

Why would anybody have .EXE files on their webservers? .EXE's don't run on Unix.

Re:Wait a second... (1)

jc42 (318812) | about 8 years ago | (#15698761)

Why would anybody have .EXE files on their webservers? .EXE's don't run on Unix.

Um, so that Windows users can download them, maybe?

Just a guess ...

Re:Wait a second... (0)

BrokenHalo (565198) | about 8 years ago | (#15698853)

Why would anybody have .EXE files on their webservers? .EXE's don't run on Unix.

Ummm... Believe it or not, there are lots of players out there (many of whom should know better, but let that pass) who use Winbloze machines as servers.

Go figure...

Re:Wait a second... (1)

Mister Whirly (964219) | about 8 years ago | (#15699115)

Because BSD is dead?

Well, technically... (1)

patio11 (857072) | about 8 years ago | (#15702778)

A windows exe won't run on Unix, but you can name your unix executables whatever the heck you want, including .exe. I do this all the time for ease of portability (Java interface/network code with an external C program to do the heavy lifting, named whatever.exe on both Windows and Linux to save having to edit the Java source) and to visually flag the executables when I ls on a black and white terminal.

But legit sites have URLs with exe? (0)

badzilla (50355) | about 8 years ago | (#15698796)

I'm sure I've seen plenty of legit sites using a .cgi scheme where for some reason there's .exe in the URL. Will these be flagged as malware?

Random example: https://www.thawte.com/cgi/server/status.exe [thawte.com]

Re:But legit sites have URLs with exe? (2, Informative)

AndrewNeo (979708) | about 8 years ago | (#15698859)

No. Two problems with that: One, that type would not return as a binary executable (aka download and run), it'd return HTML or the like. Two, they're looking for malicious programs (or, more likely, using Google to search for the actual malicious code in them.) If they were looking for all executables then they'd have to sift through every file on shareware sites, SourceForge, etc.

Re:But legit sites have URLs with exe? (0)

Anonymous Coward | about 8 years ago | (#15698869)

Does the .exe have a virus in it? As TFA states, if the .exe has a virus in it, it will be flagged as malware. If it doesn't have a virus in it, it will not be flagged as malware. Something being flagged as malware means that it has a virus in it. Did you know that?

Hmmmm.... (3, Funny)

cdr_data (916869) | about 8 years ago | (#15698878)

Does it include NTKERNEL32.DLL in the list?

Cdr. Data

Is there a way to check a specific site? (1)

flipsoft (582240) | about 8 years ago | (#15698894)

Does anyone have sample google syntax used to search for a site that would be susceptible?
I have a few friends that run small sites and would like to check.

-flipsoft

Re:Is there a way to check a specific site? (1)

winterlens (258578) | about 8 years ago | (#15699040)

Try adding site:www.yoururl.com to the search criteria.

I found a virus with google desktop (0, Offtopic)

renatonow (988208) | about 8 years ago | (#15699218)

Don't know if this is relevant, but after updating to the newest version of Google Desktop, McAfee detected the following on my laptop: 7/11/2006 2:33:33 PM Deleted RENATONOW\Renato GoogleDesktopCr C:\Documents and Settings\Renato\Local Settings\Temp\4084_zip_dump.exe W32/Alcan.worm!p2p (Virus) Weird

ROTFL (1)

Jacek Poplawski (223457) | about 8 years ago | (#15699267)

"exe files"? How will they affect Linux? I heard lots about "Linux viruses" or "Linux malware", when I will be happy to see them instead just reading about them? What kind of serious people use Windows anyway?

So... (1)

OfNoAccount (906368) | about 8 years ago | (#15699294)

...is anyone planning to create a trusted blacklist server and an extension for utilizing it in (say) Firefox?

Re:So... (2, Informative)

mozkill (58658) | about 8 years ago | (#15700171)

the new firefox 2.0 beta will query the Google blacklist... it's built into the browser and you can enable it by just checking a checkbox in the browser settings...

Websensed! (0)

Anonymous Coward | about 8 years ago | (#15699399)

Anyone have a mirror? TFA is websensed here at work! ;)

It's about time (1)

heson (915298) | about 8 years ago | (#15699912)

After years of script kiddies auto hacking buggy web software via google it's about time someone does some white hat stuff.

Amazing (1)

harris s newman (714436) | about 8 years ago | (#15702113)

How many executables were not windows executables? Is this a surprise to anyone?

Roll Your Own Google API Searches (2, Insightful)

ejoe (198565) | more than 7 years ago | (#15703402)

In case you want to try this at home, presuming you're on a MacOS X box and you've got your own free API key from Google, you can easily access the Google API SOAP service using Anthracite Web Mining Desktop toolkit [metafy.com] . Combine it with AppleScript and you're off to the races making your own automated searches. In addition to the Google API interface, there's also a generic SOAP source object for accessing any other SOAP services you want to try. Several examples are included with the download, like how to build a ranked list of top keywords for any given search term. Not only does it get the search results, it will also go load the URLs returned for you automatically. Yes, I wrote the software, and that's why I'm always busy promoting it.