Monday, July 10, 2006

Google Indexing Executable Files

Claudiu Spulber's original post:
See this, search for "Signature: 00004550" and you'll see about 200,000 results of executable files being indexed... Anyway, this must be a bug. I mean, what use is there in having the executable files indexed, as in the View as HTML section there is no relevant information. Plus this is a security risk, even a high one. Because sites full of spyware might use this redirect bug to have spyware executables indexed, and when the user clicks, it automatically installs all the malware in the world.
googlesystem's detailed explanation:
Google indexes the file's headers and if you look at the cache, you'll see something like this:
WINDOWS EXECUTABLE
32bit for Windows 95 and Windows NT
Technical File Information:
Image File Header
Signature: 00004550
Machine: Intel 386
Number of Sections: 0003
Time Date Stamp: 3b7dc821
Symbols Pointer: 00000000
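
Why that query matches executables, as an added example (not part of the original post or of the quoted explanation): the Signature value is the 4-byte PE signature "PE\0\0" read as a little-endian integer, and the other lines are fields of the header that follows it. The Python sketch below parses those fields from file content, so a file can be recognised as a Windows executable whatever name it was posted under; the helper names and the sample bytes are constructed for illustration.

```python
import struct

PE_SIGNATURE = 0x00004550           # b"PE\0\0" read as a little-endian DWORD
MACHINES = {0x014C: "Intel 386"}    # subset of the Machine field values

def parse_pe_header(data: bytes) -> dict:
    """Return the Image File Header fields, or raise ValueError if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ (DOS) header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of PE header
    if e_lfanew + 16 > len(data):
        raise ValueError("PE header offset points outside the file")
    sig, machine, sections, stamp, symptr = struct.unpack_from(
        "<IHHII", data, e_lfanew)
    if sig != PE_SIGNATURE:
        raise ValueError("PE signature not found")
    return {"signature": sig, "machine": machine, "sections": sections,
            "timestamp": stamp, "symbols_pointer": symptr}

def is_pe(data: bytes) -> bool:
    """Content-based check: ignores the file name and declared MIME type."""
    try:
        parse_pe_header(data)
        return True
    except ValueError:
        return False

def render(h: dict) -> str:
    """Format the fields the way the cached page quoted above shows them."""
    machine = MACHINES.get(h["machine"], f"unknown ({h['machine']:04x})")
    return "\n".join([
        f"Signature: {h['signature']:08x}",
        f"Machine: {machine}",
        f"Number of Sections: {h['sections']:04x}",
        f"Time Date Stamp: {h['timestamp']:08x}",
        f"Symbols Pointer: {h['symbols_pointer']:08x}",
    ])

def build_sample() -> bytes:
    """Constructed input: a bare DOS stub plus the header values from the dump."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)
    return bytes(dos) + struct.pack("<IHHII", PE_SIGNATURE, 0x014C, 3,
                                    0x3B7DC821, 0)

if __name__ == "__main__":
    print(render(parse_pe_header(build_sample())))
```
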
The Websense Security Labs blog explains how they have used this to find malicious Web sites (no direct link to the post):
We queried not only for the NT signature, but also for unique identifiers within the PE file format that would allude that the file was potentially malicious... Our results show that we were able to collect thousands of pieces of malicious binaries, mostly posted to newsgroups with false names that would normally trick a user, we found many on forum sites, as well as regular personal, educational, compromised, and underground sites. We also found several pieces of spyware on poker and casino sites. We found variants of the Bagel, and Mytob worms, various trojans, and many other malicious binaries... It should also be noted that although this is also a useful tool for other security research experts to discover malicious code, the potential for malcode authors to use it is also there.
And finally, this PC World article ('Google's Binary Search Helps Identify Malware'):
Google has seen this happen "on occasion," and is making an effort to shield users from this malicious software, a Google spokeswoman said... "I think the 'tricking your browser into running an executable file' trick is a little old," said Long, who wrote the book Google Hacking for Penetration Testers. "There are other more elegant attacks to worry about."
To index, or not to index: that is the question!
