Monday, July 24, 2006

An Intergalactic Security Statement

Hell of a comment on the Malware Search Engine. "Hackers crack secret Google malware search codes":

"Hidden malware search capabilities within Google which were reserved for antivirus and security research firms just weeks ago have been cracked by hackers, according to security industry sources. The key to finding malware in Google lies in having the signature for the specific malware program, according to researchers from enterprise IT security firm Secure Computing. However, the company reported that these previously hidden search capabilities have recently fallen into the hands of hackers. Why bother creating a new virus, worm or Trojan when you can simply find one and download it using Google? said Paul Henry, vice president of strategic accounts at Secure Computing. Unskilled hackers can use this previously unknown capability of Google to download malware and release it on the internet in targeted attacks as if they wrote it themselves."

Bothering to create a new piece of malware and ensuring its payload gets regularly updated to avoid AV detection is perhaps the more logical need compared to doing reconnaissance for known malware through Google. Looking for the signature means the piece of malware has already been detected somehow, somewhere; namely, it's useless even to a script kiddie, as I doubt one would do a favor to another, thus increasing the size of someone else's botnet. What you can actually use it for is to look for packed binary patterns, or known functions, and draw better conclusions.

I really hope Secure Computing are more into harnessing the power of CipherTrust's brand and product portfolio than they are into the dangers of known malware, not that there aren't exceptions of course!

Space wisdom courtesy of Doctor Fun.
