New Tool in the Fight Against Malware Distribution
Maarten Van Horenbeeck writes on the SANS ISC Daily Handler's Diary:
The Internet Storm Center often reports on the use of defaced websites in malware distribution. High profile examples such as the recent Dolphin Stadium web site compromise show that web masters have every reason to be very interested in exactly what they are serving up to an ever more mobile and global audience.More here.
Niels Provos recently released a tool, SpyBye, that allows a webmaster to perform exactly such an audit. SpyBye, of which version 0.2 was released yesterday, is a proxy server that analyzes a requested url, submits any links it finds through a rule based engine (including a list of known malicious sites) and then categorizes these in three categories: harmless, unknown or dangerous.
A webmaster can install it on his local machine and then access his website to get detail on what exactly is taking place during the connection - that same webmaster, having knowledge of the expected content, will also be able to easily identify content that is suspicious, but could otherwise have been unreadable when obfuscated through some form of URI-encoding.
0 Comments:
Post a Comment
<< Home