He worked with others, including researchers at the Offensive Computing project — who gave him access to their malware database — to create the code, which includes a malware signature generator, a malware Google API signature search application, and a malware downloader.
Last week, San Diego-based Websense noted that Google indexes binary files, in particular some Windows executables, and described in general terms how it created a toolset that used the search engine’s API to automate detection of malware and of sites infected with malicious code on the Internet.
In a July 10 interview, Dan Hubbard, Websense’s senior director of security, said the company would share the search tools only with a select group of researchers. “Rather than looking for strings within Bagle or MyDoom, look for the evidence of packers in executables.”
Moore and Hubbard also disagreed on the danger of publicly releasing a Google-based malware search tool, with the latter holding to Websense’s earlier position of keeping its findings within the security community by distributing them only on private mailing lists.
http://www.darkreading.com/document.asp?doc_id=99328&WT.svl=cmpnews2_1