Google Search API Worms 2

I covered Google AJAX Search API functionalities a week ago. I also provided my view why this service is practically dangerous and how it can be used by AJAX/JavaScript based worms to propagate. It seams that the situations have become a lot more interesting since Google released a full blown AJAX Search Service called SearchMash.

I am not planning to go into details again why and how SearchMash can be used for malicious purposes. Anyone who is interested in this subject can preview my previous article here. The extensive comment log is also quite interesting.

I am planning to implement some of the SearchMash features into AttackAPI GoogleSearch module in the 0.9 release. I really like what the Google guys are doing but at the same time I can clearly see the dangerous side of their work.