June 24, 2006
Some Google Results Are EXE Files
I've posted earlier that you can find all kinds of file types in Google's index, including EXE files. Claudiu Spulber reports that you can find innocent-looking sites that redirect to EXE files with spyware.
If you search for ["Signature: 00004550"], you'll find 192,000 results (if Google's count is accurate), mostly executables. Google indexes the file's headers and if you look at the cache, you'll see something like this:
32bit for Windows 95 and Windows NT
Technical File Information:
Image File Header
Machine: Intel 386
Number of Sections: 0003
Time Date Stamp: 3b7dc821
Symbols Pointer: 00000000
What's interesting is that the results have addresses that make you think there's nothing wrong with them (like crcdatatech.com/help): they don't have an EXE extension, and when you go to the site you're prompted to download the file. If you click "run" instead of "save" or "cancel", prepare for the worst.
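The cached dump above is the PE image file header, and the searched signature 00004550 is the bytes "PE\0\0" read as a little-endian DWORD. As an added example (not part of the original post), this Python code identifies an executable by its content instead of its URL or extension and reports the same fields; the function names are hypothetical and the sample bytes are constructed from the values quoted above.

```python
import struct

# Machine values from the PE/COFF specification (subset).
MACHINES = {0x014C: "Intel 386", 0x8664: "x64", 0x01C0: "ARM", 0xAA64: "ARM64"}

def parse_pe_file_header(data: bytes):
    """Return the Image File Header fields if data is a PE image, else None."""
    # DOS header: 'MZ' magic, with e_lfanew (offset of the PE header) at 0x3C.
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # The 4-byte signature plus the 20-byte file header must fit in the buffer.
    if e_lfanew + 24 > len(data):
        return None
    (signature,) = struct.unpack_from("<I", data, e_lfanew)
    if signature != 0x00004550:  # b"PE\0\0" as a little-endian DWORD
        return None
    machine, nsections, timestamp, symptr, _nsyms, _optsize, _chars = (
        struct.unpack_from("<HHIIIHH", data, e_lfanew + 4))
    return {
        "Signature": f"{signature:08x}",
        "Machine": MACHINES.get(machine, f"unknown ({machine:#06x})"),
        "Number of Sections": f"{nsections:04x}",
        "Time Date Stamp": f"{timestamp:08x}",
        "Symbols Pointer": f"{symptr:08x}",
    }

def build_sample() -> bytes:
    """Constructed sample: minimal DOS header plus the header values quoted above."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)  # PE header starts right after
    file_header = struct.pack("<IHHIIIHH", 0x00004550, 0x014C, 3,
                              0x3B7DC821, 0, 0, 0xE0, 0x010F)
    return bytes(dos) + file_header

if __name__ == "__main__":
    # In practice the body of a response from an extension-less URL goes here.
    samples = [("constructed PE", build_sample()),
               ("constructed HTML", b"<html>" + b" " * 100)]
    for name, body in samples:
        print(name, "->", parse_pe_file_header(body))
```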
I think Google should remove all dangerous files from their index (EXE, MSI, COM, REG) and that should be an easy task, as they have a very similar pattern.
Gmail doesn't allow you to attach EXE files or ZIP archives that contain EXE files.
Posted by Alex Chitu at 6/24/2006 12:51:00 AM