Sunday, January 16, 2011

Malicious Domain Check: article 201101

Takeaways: three websites to query when deciding whether a site is hosting, or has hosted, malicious software: http://www.google.com/safebrowsing/diagnostic?site=whyjoseph.com, http://www.siteadvisor.com/ and http://www.malwaredomainlist.com/mdl.php

During the course of my duties I want to verify whether a URL that was visited is indeed malicious. You see, I have a "trust but verify" philosophy when it comes to vendors and technology. This bit of doubt should not be taken as offensive; it merely stems from the fact that we are all human and we make mistakes. Beyond mistakes, there is also the fact that technologies can be subverted; but I digress.

The point of this post is that when a security tool I use reports a domain as malicious, I check three or more independent sources to verify that report. A clean result from all of them does not prove the site is benign; it only means none of them had flagged it at the time of the check.

Google Safe Browsing Project
http://www.google.com/safebrowsing/diagnostic?site=

Google's page reports on the past 90 days: when Google last visited the site, how many pages on it were found to be malicious, and, if the site is acting as a host for other malicious sites, a short list of those additional sites. To use the link above, put the domain name you want to check after the "=" sign. For example: http://www.google.com/safebrowsing/diagnostic?site=whyjoseph.com

McAfee Site Advisor
http://www.siteadvisor.com/
On this page you simply enter the domain name into the field on the page. SiteAdvisor shows a green check or a red X based on its findings for the site. I did notice once that it actually showed which malicious software file would be downloaded if the malicious site were visited.

Malware Domain List (MDL)
http://www.malwaredomainlist.com/mdl.php
This site is the foundation of a great community for malware analysis. Since here we only want to know whether they have listed a site as possibly malicious, you can query their database: the page has a field where you enter the domain name, or just a partial name, to see if there is a match.
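The three checks above all start from the same step: reducing whatever URL showed up in the logs to the domain you will paste into each lookup. The following Python is an added example (mine, not code from the original post or from any of the three services) that does that reduction, builds the Google diagnostic link with the host properly encoded, matches the host against a local blocklist the way the MDL search box does, and combines the three verdicts. Assumptions not in the post: that you start from a full URL rather than a bare domain, that a local domain list is available (the entries in SAMPLE_FEED are constructed, not real MDL data), and the corroboration thresholds, which are this example's own.

```python
"""Helpers for a multi-source malicious-domain check (added example).

Assumptions, not from the original post:
- the analyst starts from a full URL seen in logs, not a bare domain;
- a local copy of a domain blocklist is available as a list of strings
  (SAMPLE_FEED below is constructed sample data, not real MDL data);
- the corroboration thresholds in corroborate() are this example's own.
"""
from urllib.parse import quote, urlsplit


def extract_host(url: str) -> str:
    """Reduce a logged URL to the host you would paste into a reputation lookup.

    Drops scheme, user:pass@ credentials, port, path and query, lower-cases,
    removes a trailing dot and converts IDN labels to punycode so that the
    lookup and any local blocklist compare the same ASCII form.
    """
    if "://" not in url:                 # bare "host/path" as some proxy logs record it
        url = "http://" + url
    host = urlsplit(url).hostname        # strips credentials and port, lower-cases
    if not host:
        raise ValueError(f"no host in {url!r}")
    host = host.rstrip(".")              # "evil.example.com." is the same zone
    return host.encode("idna").decode("ascii")


def safebrowsing_diagnostic_url(url: str) -> str:
    """Build the Google Safe Browsing diagnostic link from the post, with the
    host percent-encoded so stray characters cannot alter the query string."""
    return ("http://www.google.com/safebrowsing/diagnostic?site="
            + quote(extract_host(url), safe=""))


# Constructed sample feed in the shape of a domain blocklist (NOT real MDL data).
SAMPLE_FEED = [
    "bad-downloads.example",
    "cdn.bad-downloads.example",
    "payload.example.net",
]


def feed_matches(url: str, feed=SAMPLE_FEED) -> list:
    """Exact lookup of a host against a local feed. A listed parent zone also
    covers its subdomains: listing 'bad-downloads.example' matches
    'cdn.bad-downloads.example'."""
    host = extract_host(url)
    return [d for d in feed if d == host or host.endswith("." + d)]


def feed_search(needle: str, feed=SAMPLE_FEED) -> list:
    """Partial-name search, like typing a fragment into the MDL search box."""
    needle = needle.lower()
    return [d for d in feed if needle in d]


def corroborate(verdicts: dict) -> str:
    """Combine per-source verdicts of 'malicious', 'clean' or 'unknown'.

    'unknown' (never crawled, not listed) is treated as absence of evidence,
    not as evidence that the domain is clean. Thresholds are illustrative.
    """
    hits = [s for s, v in verdicts.items() if v == "malicious"]
    cleans = [s for s, v in verdicts.items() if v == "clean"]
    if len(hits) >= 2:
        return "corroborated"
    if hits:
        return "single-source"
    return "not-corroborated" if cleans else "insufficient-data"


if __name__ == "__main__":
    seen = "HTTP://user:pw@CDN.Bad-Downloads.Example.:8080/dl/a.exe?id=1"
    print(extract_host(seen))
    print(safebrowsing_diagnostic_url(seen))
    print(feed_matches(seen))
    print(corroborate({"google": "malicious", "mcafee": "clean", "mdl": "malicious"}))
```

The IDN conversion matters because a blocklist entry and a browser's address bar can show the same domain in different forms; comparing the punycode form avoids a miss on a lookalike domain that only differs in a non-ASCII label.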

Well, I hope this helps anybody who comes across this page, and if there are any other sources or thoughts on this, please comment!
