The creator of the Metasploit hacking tool and the initiator of the MoBB (Month of Browser Bugs) project has launched a malware search engine that returns live malicious code samples using Google search. H.D. Moore, director of security research at BreakingPoint Systems, has released the Malware Search engine in the wake of Websense Security Labs' announcement that malicious code could be identified by using the Google SOAP (Simple Object Access Protocol) Search API. Moore disclosed that following Websense's option to share its researches only with selected security companies; he began working with experts at the Offensive Computing project to create a similar search engine.

The only actual problem with the Malware Search is that it uses malicious executable files indexed by Google which scarce more than Websens led to imply. "Considering that they're Google, you'd expect better results," Moore commented. "If they could grow their index of executables to some sort of useful amount, then this would be really useful." For this Moore designed the Malware Search engine's interface to identify malware independent of the Google API, by googling using fingerprints, or code strings from existing executable files.

"Attackers have much better sources of malware and the items in the Google index are not recent or useful," Moore said. "If anything, the Google index is a great tool for determining who distributes malware - the actual malware in question is not that interesting." For now, the search engine is limited to only 300 malware signatures, but its creator intends to add 6.000 more in future updates.