An unofficial blog that watches Google's attempts to move your operating system online since 2005. Not affiliated with Google.

Send your tips to gostips@gmail.com .

June 24, 2006

Some Google Results Are EXE Files


I've posted earlier that you can find all kinds of file types in Google index, including EXE files. Claudiu Spulber reports that you can find innocent-looking sites that redirect to EXE files with spyware.

If you search for ["Signature: 00004550"], you'll find 192,000 results (if Google's count is accurate), mostly executables. Google indexes the file's headers and if you look at the cache, you'll see something like this:

WINDOWS EXECUTABLE
32bit for Windows 95 and Windows NT
Technical File Information:
Image File Header
Signature: 00004550
Machine: Intel 386
Number of Sections: 0003
Time Date Stamp: 3b7dc821
Symbols Pointer: 00000000

What's interesting is that the results have addresses that make you think there's nothing wrong with them (like crcdatatech.com/help), they don't have an EXE extension and when you go to the site you're prompted to download the file. And if you click "run" instead of "save" or "cancel", prepare for the worst.

I think Google should remove all dangerous files from their index (EXE, MSI, COM, REG) and that should be an easy task, as they have a very similar pattern.

Gmail doesn't allow you to attach EXE files or ZIP archives that contain EXE files.

This blog is not affiliated with Google.