A security researcher has posted code on the internet that can be used to search Google's database for malware.
The tool is similar to one developed by web-filtering vendor Websense last week, which was not released to the general public. Websense said that making this software public could lead to its being misused by attackers.
Using a database of digital fingerprints of known malware - called 'signatures' - the Malware Search tool uses the popular search engine to find a number of known worms and viruses. It was developed by HD Moore, the researcher best known as the developer of the widely used Metasploit hacking tool. Moore's tool, which was posted early yesterday, can be found here.
Although Google is widely used to search the internet for web pages and office documents, the search engine can also peek through the binary information stored in the normally unreadable executable (.exe) files that are run by Windows computers. Google won't say when it added this feature, but it has gained the attention of security researchers over the past three months.
Moore built his tool to help shed some light on how much malware was actually being indexed by Google, he said. His findings: not much.
When the security researcher examined a sample of about 4GB of executable code, he found that very few of the programs were malicious. "You can search for malware, but it's not a big risk," he said.
Of the approximately 2,400 samples he examined, 125 contained malware. More than 90 of these popped up as part of malicious email messages stored in online email archives. The rest of the samples came from websites that were actively distributing malware.
So any attacker who might be looking to find sources of malware using Moore's tool will probably be disappointed.
"Attackers have much better sources of malware and the items in the Google index are not recent or useful," he said. "If anything, the Google index is a great tool for determining who distributes malware - the actual malware in question is not that interesting."