A security firm warned on Monday that Google's ability to search on the signature of executable files allows anyone to find malicious code as well as create links using Google that lead potential victims to sites hosting the code.
In an advisory posted to its Web site, filtering and security firm Websense rated the ability of the Google search engine to find executable code as a moderate risk. Using a string prepended to all valid Windows portable executable (PE) files, along with other attributes from known malicious code, the researchers found thousands of programs hosted on underground sites and in newsgroup archives.
"While we do not believe that the fact that Google is indexing binary file contents is a large threat, this is further evidence of a rise in websites being used as a method of storing and distributing malicious code," the advisory stated. "It should also be noted that although this is also a useful tool for other security research experts to discover malicious code, the potential for malcode authors to use it is also there."
Google has always been a popular tool for security researchers. Google hacking, or using the search engine to find vulnerable Web applications by querying for specific code flaws, typically turns up a large number of insecure sites. Malicious code has sometimes used the search engine to build a list of potentially vulnerable sites to which it can spread.
"We deplore these malicious efforts to violate our users' security," Google said in a statement. "When possible, we endeavor to shield our users from these executable files, however we always encourage users to keep their security software up-to-date to ensure the safest web surfing experience."
Google may have already taken steps. One blog on the topic of searching for executable files mentioned that the signature search returned 140,000 results. On Tuesday morning, fewer than 95,000 results were produced.
UPDATE: The news brief was updated at 11:30 a.m. PST with a statement from Google regarding the ability to search for malicious code.
Posted by: Robert Lemos