Finding Malware On Your Own

In my previous post, I listed a number of websites that offer either malware collections or links to infected sites, but what if you want to find your own infected sites (and malware)?

Make no mistake, finding malware on your own is generally slow and tedious. One of the best ways that I’ve found to “stumble” upon an infected website is to do a web search for something like:

dark souls download

or

game of thrones season 6 download

The initial pages of search results are what one would expect – torrent sites and game/movie review sites. However, once you get about 8 – 10 or more pages deep, you’ll start to see things like this:

[Screenshot: FM_bullhornreach]

That doesn’t look right. According to their website, Bullhorn Reach is a recruiting company:

[Screenshot: FM_bullhornreach2]

It looks like we’ve found a compromised website.

If they’re hosting a single download like this, they’re most likely hosting others. Let’s see what we can find with a little Google dorking. Try searching with:

download site:bullhornreach.com

Here’s what I got when I did that:

[Screenshot: FM_bullhornreach3]

Over 2,200 download links! Either the site is compromised or someone on the “inside” is using the company server as his/her own personal file server.
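The tell in the step above is a count: a site whose business has nothing to do with file hosting suddenly answering hundreds of "download" URLs. The script below is an added example, not part of the original post, that turns that judgement into a check you can run against a list of URLs for a domain you are responsible for (exported from a crawler, a sitemap, or your own access logs). The URLs and hostnames in it are constructed for the example, and the keyword list and thresholds are assumptions you should tune to the site.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: the kind of URL list a crawl or a site: search of a
# recruiting company's domain might return. Both hostnames are placeholders.
SAMPLE_URLS = [
    "https://example-recruiter.test/",
    "https://example-recruiter.test/about-us",
    "https://example-recruiter.test/jobs/senior-recruiter",
    "https://example-recruiter.test/dl/dark-souls-download-full",
    "https://example-recruiter.test/dl/game-of-thrones-season-6-download",
    "https://example-recruiter.test/dl/photoshop-crack-torrent",
    "https://example-recruiter.test/wp-content/uploads/setup.exe",
    "https://example-recruiter.test/blog/hiring-trends-2016",
    "https://example-news.test/article/download-speeds-improve",
    "https://example-news.test/article/local-election-results",
]

# Assumed vocabulary of pirated-content lures. Matched as whole words in the
# URL path only (not the query string), so "downloadable" does not count.
DOWNLOAD_TERMS = ("download", "torrent", "crack", "keygen", "season")
# Binary or archive extensions a marketing/recruiting site normally never serves.
BINARY_EXTENSIONS = (".exe", ".msi", ".scr", ".zip", ".rar")


def is_download_like(url: str) -> bool:
    """True if the URL path looks like a pirated-content lure or a binary."""
    path = urlsplit(url).path.lower()
    if path.endswith(BINARY_EXTENSIONS):
        return True
    return any(
        re.search(rf"(?<![a-z0-9]){term}(?![a-z0-9])", path)
        for term in DOWNLOAD_TERMS
    )


def profile_hosts(urls):
    """Per host: total URLs seen, how many look like downloads, and a few samples."""
    stats = defaultdict(lambda: {"total": 0, "hits": 0, "examples": []})
    for url in urls:
        host = urlsplit(url).hostname
        if not host:
            continue  # skip malformed entries rather than crash on them
        entry = stats[host]
        entry["total"] += 1
        if is_download_like(url):
            entry["hits"] += 1
            if len(entry["examples"]) < 3:
                entry["examples"].append(url)
    return dict(stats)


def flag_hosts(urls, min_hits=3, min_ratio=0.25):
    """Hosts worth a closer look: enough download-like URLs, and a meaningful
    share of everything seen on that host. Both thresholds are assumptions."""
    flagged = []
    for host, entry in sorted(profile_hosts(urls).items()):
        if entry["hits"] >= min_hits and entry["hits"] / entry["total"] >= min_ratio:
            flagged.append(host)
    return flagged


if __name__ == "__main__":
    for host, entry in profile_hosts(SAMPLE_URLS).items():
        print(f"{host}: {entry['hits']}/{entry['total']} download-like")
        for sample in entry["examples"]:
            print(f"    {sample}")
    print("flagged:", flag_hosts(SAMPLE_URLS))
```

Two choices matter here. Counting is done per host and reported as a ratio as well as an absolute number, so one news article that happens to mention "download" does not trip the check while a site where half of everything seen is a game or TV lure does. And matching is restricted to the path with word boundaries, which keeps legitimate pages such as "downloadable-forms" out of the count; if you feed it access logs instead of a crawl, the same function applies to the request path field.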

Most of these types of links seem to lead to web pages with standard, run-of-the-mill malware (e.g., fake Adobe updaters, download managers, pop-ups with fake tech support scams, etc.). Some actually even do lead to the searched-for item.

At this point, one can either try to figure out how the site was compromised or perhaps try to snag some malware and reverse engineer it. The choice is yours.


One thought on “Finding Malware On Your Own”

  1. Malware Reverser

    Another way that I have used to manually search for malware is urlquery, and you can get the direct link to the exe.
