6.23.2006

Google indexing executable files

I was searching for a Firefox installation file when I've seen on Google that the setup was indexed and if you click on the Google result the download will start automatically. See this, search for "Signature: 00004550" and you'll see about 200,000 results of executable files being indexed.

google indexing executable files

This is possible because a link to a normal website was redirected automatically to an executable file (probably from apache), as you can see for skype where the page www.skype.com/go/getskype appears in the first position and if you click Skype will start downloading automatically. You also have the choice of clicking the View as HTML link and just as with other formats, the file information is displayed.

file information displayed

Anyway, this must be a bug. I mean what use is from having the executable files indexed, as in the View as HTML section there is no relevant information. Plus this is a security risk, even a high one. Because sites full of spyware might use this redirect bug to have spyware executables indexed and when the user will click it automatically installing all the malware in the world. I've tested this. For instance if you search for Backup4all (a backup program), beside normal results from clean sites, you'll get either on page one or two (depending on the google server) a link from yaguo.com that is an executable file containing spyware (yes I've downloaded this specifially and monitored it, and it installs spyware). So if a normal user searches to install a clean program it's possible to accidentally end up installing some spyware. This is wrong and should be corrected.
Posted by GoodLe
Labels:

4 comments:

  1. Interesting. Searching for "Machine: Intel 386" yields lots of files. Haven't figured out valid AMD or ppc variations on that, though.

    I'm pretty sure this is intentional, but I agree it may not be a great idea.
    ReplyDelete
  3. This comment has been removed by a blog administrator.
    ReplyDelete
  4. To my surprise I've seen that some websites started publishing articles about Google's binary search capabilities. First of all "Websense researchers used the Google API to find malicious executables in Google's index, and seems like they've found lots of "goodies":

    Our results show that we were able to collect thousands of pieces of malicious binaries, mostly posted to newsgroups with false names that would normally trick a user, we found many on forum sites, as well as regular personal, educational, compromised, and underground sites. We also found several pieces of spyware on poker and casino sites. We found variants of the Bagel, and Mytob worms, various trojans, and many other malicious binaries.
    Of course that this doesn't happen only in Google, if you do the same search on MSN or Yahoo you'll see that these also index .exe files. This might become the next feature in web filtering (parental control) programs, more exactly a filter for possibly dangerous files that show up in search engines (.exe, .dll, .reg ...).

    Anyway, if you want to read other articles on this subject just choose one of the below links:

    PC World
    ArsTechnica
    Websense
    Thestandard.com
    Arnnet.com.au
    PCWorld.idg.com
    Idgns.com
    Infoworld.com
    Computerworld.com.au
    Cio.com
    Blog.syscentral.deTweakers.net
    Home.nl
    Webwereld.nl
    Internetstandard.pl
    Networkworld.com
    News.yahoo.com
    ReplyDelete

Subscribe to: Post Comments (Atom)