

Jul 17
by Joey Costoya (Advanced Threats Researcher)

Last week, news broke that Google can help you search for EXE files, specifically Win32 PE (Portable Executable) files, scattered around the Internet. This can be done through the use of the Google keyword “Signature:”.



H.D. Moore (of Metasploit fame) has extended this PE file search capability to search for Win32 malware itself.

Apparently, Google not only searches for PE files, but also parses the PE headers themselves! It is this ability of Google that Moore used for his malware search. Google has these additional search keywords:





  • Time Date Stamp

  • Size of Image

  • Entry Point

  • Size of Code


Using these keywords, it is possible to identify specific malware strains, as Moore’s malware search shows.
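
As an added illustration (not code from the original post or from Moore's search tool), the following Python sketch reads the four header fields listed above from a PE file and compares them against a known sample's values, which is how an analyst could use the same fields for local triage. The function names and all header values are constructed for the example.

```python
import struct

def pe_header_fields(data: bytes) -> dict:
    """Extract Time Date Stamp, Size of Code, Entry Point and Size of Image.
    The offsets used are the same for PE32 and PE32+ optional headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ DOS header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    coff = e_lfanew + 4                 # COFF file header follows "PE\0\0"
    opt = coff + 20                     # optional header follows the COFF header
    if opt + 60 > len(data):            # need optional header up to SizeOfImage
        raise ValueError("truncated file or bogus e_lfanew")
    if data[e_lfanew:coff] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):     # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    return {
        "time_date_stamp": struct.unpack_from("<I", data, coff + 4)[0],
        "size_of_code": struct.unpack_from("<I", data, opt + 4)[0],
        "entry_point": struct.unpack_from("<I", data, opt + 16)[0],
        "size_of_image": struct.unpack_from("<I", data, opt + 56)[0],
    }

def matches(data: bytes, fingerprint: dict) -> bool:
    """True when all four header fields equal a known sample's values."""
    try:
        return pe_header_fields(data) == fingerprint
    except ValueError:
        return False

def build_sample(ts, code, ep, image) -> bytes:
    """Constructed PE32 header stub for the demo (not a real executable)."""
    dos = bytearray(b"MZ") + bytearray(0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<I", opt, 4, code)
    struct.pack_into("<I", opt, 16, ep)
    struct.pack_into("<I", opt, 56, image)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

# Constructed values, not taken from any real sample.
KNOWN = {"time_date_stamp": 0x44A0C2F1, "size_of_code": 0x3000,
         "entry_point": 0x1A40, "size_of_image": 0x9000}
SAMPLE = build_sample(0x44A0C2F1, 0x3000, 0x1A40, 0x9000)

if __name__ == "__main__":
    print(pe_header_fields(SAMPLE), "match:", matches(SAMPLE, KNOWN))
```

All four fields change when a binary is recompiled or repacked, so a match is a lead for further analysis rather than a definitive identification.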







© Copyright 2008 Trend Micro Inc. All rights reserved.