Metasploit Creator Releases Malware Search Engine

By Ryan Naraine  |  Posted 07-17-2006
H.D. Moore, creator of the Metasploit hacking tool and the security researcher behind the MoBB (Month of Browser Bugs) project, has released a search engine that finds live malware samples through Google queries.

The new Malware Search engine provides a Web interface that allows anyone to enter the name of a known virus or Trojan and find Google results for Web sites hosting malicious executables.

The release of the search engine was motivated in part by a recent announcement by Websense Security Labs, of San Diego-based Websense, that it was using the freely available Google SOAP (Simple Object Access Protocol) Search API to find dangerous .exe files sitting on Web servers.

In an interview with eWEEK, Moore said he worked with researchers at the Offensive Commuting project to create the code after learning that Websense was only sharing its research on private security mailing lists.

Read more here about how Websense mines for malware code with the Google API.

"My Web interface will identify specific malware without the Google API. It directly searches Google using fingerprints from executables that we already have," he said.

Moore's project uses code strings, or fingerprints in malware samples, then runs a search on Google for those characteristics.

The search engine has been programmed with about 300 malware signatures and Moore said he plans to add another 6,000 signatures in a future bug fix update.

Moore, who works as director of security research at BreakingPoint Systems, based in Austin, Texas, said he was surprised to find that the number of executables indexed by Google was much less than the figures thrown out by Websense.

Read the full story on eWEEK.com: Metasploit Creator Releases Malware Search Engine