Hashes and malware go together. When you get a new piece of malware, the first thing you should do is create a hash and search for any information available on it. In some cases you may turn up nothing at all, but other times you may end up with a wealth of information, including reports, signatures and more.
At 9b+, we use Google Apps for our email and documents. I send and receive hashes on a weekly basis and realized how much time I was wasting looking up every hash that came my way. Yesterday evening I spent a few hours looking at how I could solve this problem. I could make my own service that calls out to all the repositories I know exist, but that is not integrated into my email.
Instead, I decided to create a Google Contextual Gadget that would search my email messages for anything matching an MD5 hash and show me if any reports were available for the hash. Here is what it looks like when I open up a message:
The solution works great and it feels natural having the data displayed right below the message. If a report is available, an icon will be shown that links to the corresponding service’s report, therefore saving me loads of time. Right now the app supports the following services:
So how do I get it?
That’s a great question! Google charges me $100 to make a public listing within their marketplace, and while that is not a lot, I don’t want to put the cash out quite yet unless there is some interest from the community. Ideally I would like to make the application free, but at most I would charge a few bucks to cover the cost. Also, please note, I never charge for anything and avoid it at all costs, but I am not popular enough for Google to waive the cost.
If it turns out there is no interest or too little to cover the cost, I will release the code and leave it up to the end user to host, install and make everything work. This is not the most ideal setup, but if I go this route I will blog on the technical details of the plug-in.
If you are interested, contact me via email, Twitter or comment on the blog.
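The MD5-matching step the gadget performs on a message body can be sketched as follows. This is an added example, not the gadget's code: the function name `extractMd5Hashes` and the sample message are constructed for illustration, and the lookups against report services are left out.

```javascript
// Added example: find MD5-looking strings in an email body.
// An MD5 digest is exactly 32 hex characters. The lookbehind/lookahead
// reject 32-character windows inside longer tokens (SHA-1 is 40 hex
// characters, SHA-256 is 64), which would otherwise be looked up as
// bogus "MD5" values.
const MD5_RE = /(?<![0-9a-z])[0-9a-f]{32}(?![0-9a-z])/gi;

// Returns the unique MD5 candidates in order of first appearance,
// lower-cased so "ABC..." and "abc..." trigger one lookup, not two.
function extractMd5Hashes(messageText) {
  const seen = new Set();
  for (const match of messageText.matchAll(MD5_RE)) {
    seen.add(match[0].toLowerCase());
  }
  return [...seen];
}

// Constructed sample message (not from the original post). It uses the
// well-known digests of the empty input and the MD5 of the EICAR test file.
const SAMPLE_MESSAGE = [
  "Hi, can you check this sample? MD5: d41d8cd98f00b204e9800998ecf8427e",
  "Same file again, upper case: D41D8CD98F00B204E9800998ECF8427E",
  "SHA-1 (must not match): da39a3ee5e6b4b0d3255bfef95601890afd80709",
  "SHA-256 (must not match): " +
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
  "Ticket id 123e4567-e89b-12d3-a456-426614174000 (UUID, must not match)",
  "Second sample md5=44d88612fea8a8f36de82e1278abb02f, thanks",
].join("\n");

console.log(extractMd5Hashes(SAMPLE_MESSAGE));
```

A 32-character hex string is not necessarily an MD5 (an unhyphenated UUID has the same shape), so a match is only a candidate until a report service recognizes it.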