Binary search finds infected sites
Not everyone knows that search engines almost all search engines index executable files. But this can be visually seen if you enter a search query on Google, for example, “Signature: 00004550” (NT signature, which is present in all executable files under Windows), where among the search results will be about 200 thousand such files. The result can also be seen in the screenshot . Similar results are obtained by searching on MSN and searching on Yahoo.
If, instead of NT signatures, to search for specific virus signatures, then a search by binary codes turns Google into a kind of “virus search engine”. Websense employees created a program that, through the Google API, searched the web for sequences of program code specific to Bagel, Mytob, and other viruses. In a month, about two thousand infected sites were discovered, reports Dan Hubbard, director of security and research at Websense.
However, we will not be able to verify these results, because Websense specialists will show the program they have created only to selected specialists and their colleagues. They say that if this tool gets into free access, then it can be used by intruders. For example, beginners “hackers” will use it to search for viruses and other tools for their activities on the network. Access to such "bad" tools is much easier.
')
In addition, there is another threat. Hackers can specifically include in the code of executable files text optimized for search engines. In this case, for example, a Google user may accidentally launch a file for execution by clicking the link in the search results.
However, to run the file for execution, you must also confirm this through the standard Windows system message. By the way, Google representatives admit that sometimes this happens.
If, instead of NT signatures, to search for specific virus signatures, then a search by binary codes turns Google into a kind of “virus search engine”. Websense employees created a program that, through the Google API, searched the web for sequences of program code specific to Bagel, Mytob, and other viruses. In a month, about two thousand infected sites were discovered, reports Dan Hubbard, director of security and research at Websense.
However, we will not be able to verify these results, because Websense specialists will show the program they have created only to selected specialists and their colleagues. They say that if this tool gets into free access, then it can be used by intruders. For example, beginners “hackers” will use it to search for viruses and other tools for their activities on the network. Access to such "bad" tools is much easier.
')
In addition, there is another threat. Hackers can specifically include in the code of executable files text optimized for search engines. In this case, for example, a Google user may accidentally launch a file for execution by clicking the link in the search results.
However, to run the file for execution, you must also confirm this through the standard Windows system message. By the way, Google representatives admit that sometimes this happens.
Source: https://habr.com/ru/post/1571/
All Articles