Hi malware fighters,
What do yout hink of HD Moore (metasploit) initiative to google-hack a new search engine that exclusively searches for malware. Are we waiting for this?
Security through obscurity is a bad deal, but do you have to aid people to search for things that searchers need, but script kiddies can do without, and also the malware author.
Read here: http://www.eweek.com/article2/0,1759,1990158,00.asp?kc=EWRSS03119TX1K0000594
I give you an example of how it should be. You are into browser security. You are a FF or Flock fan, and you have heard about the Standard.URL exploit or the FileControleFrame hole or even the Event-StateManager vulnerability. You go to mozilla org and find up the patches and then you install a patched version in components file of nsStandardURL.js, nsFileControlFrame.js or nsEvent-StateManager.js, your browser is more secure, and you learnt somewhat in between.
Not to automate the searching for the ignorants that will do dangerous things with this knowledge.
Some to comment?
Look at the signature file:
http://metasploit.com/research/misc/mwsearch/sigs.txt
polonus
