Malware Domain List

Anything Goes => This and That => Topic started by: JohnC on June 08, 2009, 03:05:42 pm

Title: Malicious Google Dorks
Post by: JohnC on June 08, 2009, 03:05:42 pm
inurl:"xplaymovie.php?id=" (http://www.google.com/search?q=inurl:%22xplaymovie.php%3Fid%3D%22&hl=en&filter=0)
inurl:"xplay.php?id=" (http://www.google.com/search?q=inurl:%22xplay.php%3Fid%3D%22&hl=en&filter=0)
inurl:"xxxplay.php?id=" (http://www.google.com/search?q=inurl:%22xxxplay.php%3Fid%3D%22&hl=en&filter=0)
inurl:"xplays.php?id=" (http://www.google.com/search?q=inurl:%22xplays.php%3Fid%3D%22&hl=en&filter=0)
inurl:"xmovie.php?id=" (http://www.google.com/search?q=inurl:%22xmovie.php%3Fid%3D%22&hl=en&filter=0)
inurl:"xfreeporn.php?id=" (http://www.google.com/search?q=inurl:%22xfreeporn.php%3Fid%3D%22&hl=en&filter=0)
intitle:"PornTube: best movies collection." (http://www.google.com/search?q=intitle:%22PornTube:+best+movies+collection.%22&hl=en&filter=0)
"This program is potentially dangerous for your system. Trojan-Downloader stealing passwords, credit cards and other personal information from your computer." (http://www.google.com/search?q=%22This+program+is+potentially+dangerous+for+your+system.+Trojan-Downloader+stealing+passwords,+credit+cards+and+other+personal+information+from+your+computer.%22&hl=en&filter=0)

Title: Re: Malicious Google Dorks
Post by: SysAdMini on June 08, 2009, 03:23:32 pm
http://www.google.com/search?hl=en&as_q=&as_epq=A+REAL+FUCK+DOLL+BEING+GIVEN+8+INCHES+OF+PAIN+&as_oq=&as_eq=&num=100&lr=&as_filetype=&ft=i&as_sitesearch=&as_qdr=all&as_rights=&as_occt=any&cr=&as_nlo=&as_nhi=&safe=images

http://www.google.com/search?hl=en&as_q=&as_epq=nice+bonus+at+the+end.+girl+next+door+with+stripper+sized+cans.+match+made+in+heaven!&as_oq=&as_eq=&num=100&lr=&as_filetype=&ft=i&as_sitesearch=&as_qdr=all&as_rights=&as_occt=any&cr=&as_nlo=&as_nhi=&safe=images
Title: Re: Malicious Google Dorks
Post by: JohnC on June 18, 2009, 06:57:53 pm
intitle:"iframe src http://" (http://www.google.com/search?q=intitle:%22iframe+src+http://%22&hl=en&filter=0)
intitle:"script src http://" (http://www.google.com/search?q=intitle:%22script+src+http://%22&hl=en&filter=0)
Title: Re: Malicious Google Dorks
Post by: ocean on July 29, 2009, 12:43:26 pm
"My Computer Online Scan" (http://www.google.com/search?hl=en&q=intitle%3A%22My+Computer+Online+Scan%22)

refined search (http://www.google.com/search?q=intitle:%22My+Computer+Online+Scan%22+%22your+info%22&hl=en&filter=0)

similar results (http://www.google.com/search?q=intitle:%22My+Computer+Online+Scan%22+%2B%22private+data%22&hl=en&filter=0)

haven't found any executable yet.
Title: Re: Malicious Google Dorks
Post by: lelenina on July 01, 2010, 06:19:09 am
How do you find these malicious searches?  Do you just copy and paste from the actual malicious source?  That's what it looks like for the fake scanner one.
Title: Re: Malicious Google Dorks
Post by: ocean on July 27, 2010, 11:29:20 pm
How do you find these malicious searches?  Do you just copy and paste from the actual malicious source?  That's what it looks like for the fake scanner one.

copying the actual malicious source title for example can be a good start.
then you can refine the search by using and combining the advanced/logical operators.

here's a nice cheat sheet: http://www.googleguide.com/advanced_operators_reference.html

ocean