Its pretty obvious, that a lot of the malware these days arrives hidden behind a URL in an e-mail or an instant message. We would like to start collecting these URLs, and explore some automated methods to validate them and maybe report them.
This project is in 'pre beta' now, and help any is appreciated. The plan is to download any content from these URLs, and maybe one or two links down, run it through a virus checker for known 'bad stuff' and keep monitoring them for changes.
The URL (non malicious ;-) ) to report URLs is: http://isc.sans.org/urlcheck.php .
Things I am looking for:
- scripts to extract URLs from spam (or regular email)
Ultimatly, a list of verfied malicious URLs will be made available. I also hope to release the 'check' script to distribute the checking of URLs.
Johannes Ullrich, jullrich\<script language="malicious">alert('dont spam')</script>@sans.orgI will be teaching next: Intrusion Detection In-Depth - SIEM Summit & Training 2019
Aug 7th 2005
1 decade ago