
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2005-08-06 InfoSec Handlers Diary Blog



Malware URLs.

Published: 2005-08-06
Last Updated: 2005-08-07 02:38:54 UTC
by Johannes Ullrich (Version: 1)

Malicious URLs



It's pretty obvious that a lot of the malware these days arrives hidden behind a URL in an e-mail or an instant message. We would like to start collecting these URLs and explore some automated methods to validate them and maybe report them.

This project is in 'pre beta' now, and any help is appreciated. The plan is to download any content from these URLs, and maybe one or two links down, run it through a virus checker for known 'bad stuff', and keep monitoring them for changes.

The URL (non malicious ;-) ) to report URLs is: http://isc.sans.org/urlcheck.php .

Things I am looking for:

- scripts to extract URLs from spam (or regular email)

- any regular expressions someone may have to look for malicious javascript

Ultimately, a list of verified malicious URLs will be made available. I also hope to release the 'check' script to distribute the checking of URLs.
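
One way to write the URL-extraction script asked for in the list above, as an added example that is not part of the original diary or the ISC's own tooling. It only extracts URLs and never fetches them; the function names, the sample message and its example.* URLs are constructed for illustration.

```python
import email
import re
from email import policy
from html.parser import HTMLParser

URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)

class _LinkCollector(HTMLParser):
    """Collect URLs from href/src attributes (entities decoded) and from text."""
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        self.urls += [v.strip() for k, v in attrs
                      if k in ("href", "src") and v and URL_RE.match(v.strip())]
    def handle_data(self, data):
        self.urls += URL_RE.findall(data)

def extract_urls(raw: bytes) -> list:
    """Return unique http(s) URLs from every text part, trailing punctuation trimmed."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        try:
            body = part.get_content()  # undoes base64/quoted-printable and charset
        except (LookupError, UnicodeError):  # bogus charset label, common in spam
            body = (part.get_payload(decode=True) or b"").decode("latin-1")
        if part.get_content_subtype() == "html":
            collector = _LinkCollector()
            collector.feed(body)
            collector.close()  # flush text still buffered after the last tag
            found += collector.urls
        else:
            found += URL_RE.findall(body)
    return list(dict.fromkeys(u.rstrip(".,;:!?") for u in found))  # keeps order

# Constructed sample, not real spam: QP soft break in one URL, &amp; in another.
SAMPLE = b"""\
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<a href=3D"http://example.net/dl?id=3D1&amp;f=3Dx.scr">http://example.o=
rg/safe</a> or http://example.com/a.exe.
"""

if __name__ == "__main__":
    print("\n".join(extract_urls(SAMPLE)))
```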

--------

Johannes Ullrich, jullrich\<script language="malicious">alert('dont spam')</script>@sans.org