When tracing malware and checking the status of a website, what tools do you use? You wouldn't want to infect your machine by browsing an infected site, would you?
First, follow these lists and groups:
- “The Internet Storm Center (ISC) provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers.” http://isc.sans.edu/
- Follow the reports put out by kafeine (@kafeine) and at http://malware.dontneedcoffee.com. You'll usually find the latest reports on web exploit kits and sites there.
Here's a list of some of my go-to sites/tools/methods, and in fact I'm inaugurating #HarryHack and #HarryHacks with this post! Note that some of the links below reference atlassian.com, which I checked out after some alerts and which came back clean. Remove it from the links below and enter your own searches; I only left it there so you can see an example report in place of the site's default screen:
Found a suspect site? Send it to these:
- “urlQuery.net is a service for detecting and analyzing web-based malware. It provides detailed information about the activities a browser does while visiting a site and presents the information for further analysis.” http://www.urlquery.net/report.php?id=6157055
- “Sucuri web monitoring and malware clean up service” http://sitecheck.sucuri.net/results/www.atlassian.com
- “URLVoid.com is a free service that allows users to scan a website address with multiple website reputation engines and domain blacklists to facilitate the detection of possible dangerous websites, used to distribute malware and spyware or related to fraudulent activities.” http://www.urlvoid.com/scan/atlassian.com/
- “The DNS-BH project creates and maintains a listing of domains that are known to be used to propagate malware and spyware.” http://www.malwaredomains.com/
- “Anubis is a service for analyzing malware” http://anubis.iseclab.org/
Have malware to scan? Send it to these sites:
- “VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware” www.virustotal.com
- “ThreatExpert is an advanced automated threat analysis system designed to analyze and report the behavior of computer viruses, worms, trojans, adware, spyware, and other security-related risks in a fully automated mode.” http://www.threatexpert.com/