What is Google Binary Search and Should We Fear It?

The so-called Google Binary Search (GBS) gained a fair bit of press attention in July 2006, when PC World published an article entitled 'Google's Binary Search Helps Identify Malware'. In the article, Websense revealed that they had used an undocumented Google search feature to identify malicious code. At the time, Websense Senior Director of Security, Dan Hubbard, indicated that he planned to privately share the code that they were using among fellow security researchers, but would not be making it public.

GBS was back in the news a couple of weeks later when PC World published a follow-up article. This time around, the article discussed HD Moore's Malware Search project, which had recently been made public. Moore downplayed the threat of GBS being used to obtain malcode and argued that it was more useful for identifying sites that distribute malware.

To the best of my knowledge, GBS is not publicly documented or mentioned by Google. This in and of itself is interesting for a company that typically provides early insight into research projects via Google Labs. After a fair bit of searching, I was unable to find much beyond Moore's Ruby source code to provide insight into how GBS works. If you don't speak Ruby, this blog is for you.

