Tuesday, July 31, 2012

Simple Diagnosis of Your Website using Google Safe Browsing

As an admin, webmaster or owner of a website, you might need a quick check of the health of a website. A handy way to do so is the Google Safe Browsing diagnostic page. It is as simple as sending an HTTP request of the form: http://www.google.com/safebrowsing/diagnostic?site=http://pausethenreflect.blogspot.com. This request asks the Google Safe Browsing service what it has learned about the safety of http://pausethenreflect.blogspot.com over the last 90 days. The resulting diagnostic page (see below) summarizes what Google has observed about the site. It answers four questions.

Diagnostic page for http://pausethenreflect.blogspot.com
Suspicious?
First, whether the site (or part of it, e.g. a page or a subdomain) is currently listed as suspicious. If it is, the diagnostic also reports how many times in the last 90 days the site, or part of it, has been found to be suspicious.

Infections?
Second, if Google has analyzed the website over the past 90 days, the page shows how many pages were tested and how many of them resulted in malicious software being downloaded and installed without the user's consent (drive-by downloads). It also gives the last time Google visited the site and the last time malicious content or activity was detected. In addition to the timing, it lists the type and number of attack payloads observed (e.g. trojans, exploits), where the malware was hosted, and the networks (autonomous systems) on which the site is hosted.

Malware Bridge?
Third, whether the site has acted as an intermediary for malware distribution over the last 90 days, i.e. redirected visitors to, or pulled content from, sites that distribute malware. If so, the results list how many malware-hosting sites it has pointed to, and which ones.

Malware Host?
Fourth, whether the site is hosting, or has hosted, malware over the past 90 days.

The diagnostic page is based on large-scale daily analysis of millions of websites for malicious activity. The result will be thin if Google has not yet crawled and indexed the website, but once a site has been analyzed Google repeats the analysis frequently, so the diagnostic stays reasonably up to date. Note that a site that is not listed is not thereby proven clean: the page only reports what Google's crawlers have observed.

Although not bullet-proof, the Google diagnostic page is a free, simple, quick and insightful first step in understanding the health of a website, before moving on to more advanced analysis techniques.
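A programmatic way to ask the same question, added here as an example and not part of the original post: the diagnostic URL above has since been folded into the Safe Browsing section of Google's Transparency Report, and the API counterpart is the Safe Browsing Lookup API (v4), whose threatMatches:find method returns the threat types under which a URL is currently listed. The script below builds such a request, interprets a constructed sample response offline, and only performs a live query if an API key is supplied in the (assumed) environment variable SAFE_BROWSING_API_KEY; the client name "site-diagnostic" is likewise an arbitrary placeholder.

```python
"""Query the Safe Browsing Lookup API (v4) for the listing status of URLs.

Added example; not code from the original post.  Assumptions:
  * endpoint: https://safebrowsing.googleapis.com/v4/threatMatches:find
  * the API key is read from the environment variable SAFE_BROWSING_API_KEY
    (only needed for the optional live query at the bottom).
"""
import json
import os
import urllib.parse
import urllib.request

LOOKUP_ENDPOINT = "https://safebrowsing.googleapis.com/v4/threatMatches:find"
TRANSPARENCY_REPORT = "https://transparencyreport.google.com/safe-browsing/search"
THREAT_TYPES = ["MALWARE", "SOCIAL_ENGINEERING", "UNWANTED_SOFTWARE",
                "POTENTIALLY_HARMFUL_APPLICATION"]


def diagnostic_page_url(site):
    """Successor of the /safebrowsing/diagnostic?site=... page, for manual checks."""
    return TRANSPARENCY_REPORT + "?" + urllib.parse.urlencode({"url": site})


def build_lookup_request(urls, client_id="site-diagnostic", client_version="1.0"):
    """JSON body of a threatMatches:find request covering one or more URLs."""
    return {
        "client": {"clientId": client_id, "clientVersion": client_version},
        "threatInfo": {
            "threatTypes": THREAT_TYPES,
            "platformTypes": ["ANY_PLATFORM"],
            "threatEntryTypes": ["URL"],
            "threatEntries": [{"url": u} for u in urls],
        },
    }


def summarize_lookup_response(response):
    """Map a threatMatches:find response to {url: sorted threat types}.

    The API returns only matches: an empty object means none of the submitted
    URLs is currently listed, and unlisted URLs simply do not appear.
    """
    listed = {}
    for match in response.get("matches", []):
        url = match["threat"]["url"]
        listed.setdefault(url, set()).add(match["threatType"])
    return {u: sorted(types) for u, types in listed.items()}


def lookup(urls, api_key):
    """Live query; needs network access and a valid API key."""
    body = json.dumps(build_lookup_request(urls)).encode()
    req = urllib.request.Request(
        LOOKUP_ENDPOINT + "?" + urllib.parse.urlencode({"key": api_key}),
        data=body, headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=15) as resp:
        return summarize_lookup_response(json.load(resp))


# Constructed sample response in the documented v4 shape (not real data).
SAMPLE_RESPONSE = {
    "matches": [
        {"threatType": "MALWARE", "platformType": "ANY_PLATFORM",
         "threatEntryType": "URL", "threat": {"url": "http://bad.example/"},
         "cacheDuration": "300s"},
        {"threatType": "SOCIAL_ENGINEERING", "platformType": "ANY_PLATFORM",
         "threatEntryType": "URL", "threat": {"url": "http://bad.example/"},
         "cacheDuration": "300s"},
    ]
}

if __name__ == "__main__":
    site = "http://pausethenreflect.blogspot.com/"
    print("manual check:", diagnostic_page_url(site))
    print("sample:", summarize_lookup_response(SAMPLE_RESPONSE))
    key = os.environ.get("SAFE_BROWSING_API_KEY")
    if key:
        print("live:", lookup([site], key))
```

An empty response means none of the submitted URLs is listed right now, which, as noted above, is not the same as the site being clean; the Lookup API also reports only the current listing, not the 90-day history the diagnostic page shows.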

Sunday, July 15, 2012

Blacklists of Known (Suspected) Malicious URLs, Domain Names, and IP Addresses

In an attempt to consolidate pointers to blacklists of malicious or suspected URLs, domains, and IPs, I thought I would share this list I compiled. The lists vary in data format, freshness, usage restrictions, and collection methodology. I personally use such lists as starting points for collecting potentially malicious targets on the Web. So, before using these lists for serious experiments, it is obviously important to verify independently whether the listed entries really link to, and indeed initiate, malicious activity; an entry may be stale because the site has been cleaned up, taken down, or re-registered since it was listed. One method is to use a honeyclient such as HoneyC or Capture-HPC.
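One way to turn several feeds of differing formats into a single checkable blacklist, added here as an example and not code from the original post or from any of the listed sources. The three feeds are constructed samples imitating common formats (one URL per line, a hosts-file style domain list, and an IP/CIDR list with `;` comments, using reserved documentation addresses and example domains), and the matching rules (exact URL, host or any parent domain, exact IP or CIDR containment) are this example's own choices.

```python
"""Normalize heterogeneous blacklist feeds and check URLs against them.

Added example; not from the original post.  The feeds are constructed samples.
"""
import ipaddress
from urllib.parse import urlsplit, urlunsplit

FEED_URLS = """\
# constructed sample: one URL per line
http://malware.example.net/payload.exe
https://phish.example.org/login/index.php
http://192.0.2.10/drop/
"""

FEED_HOSTS = """\
# constructed sample: hosts-file style, '0.0.0.0 <domain>'
0.0.0.0 malware.example.net
0.0.0.0 ads.tracker.example
"""

FEED_IPS = """\
; constructed sample: bare IPs and CIDR ranges, ';' comments
198.51.100.7
203.0.113.0/24 ; known C2 range
"""


def strip_comment(line):
    """Drop '#'/';' comments: whole-line ones, or trailing ones preceded by a space."""
    for marker in ("#", ";"):
        if line.startswith(marker):
            return ""
        idx = line.find(" " + marker)
        if idx != -1:
            line = line[:idx]
    return line.strip()


def normalize_url(url):
    """Lower-case scheme and host only; the path may be case-sensitive."""
    p = urlsplit(url.strip())
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path, p.query, p.fragment))


def parse_feed(text):
    """Yield (kind, value) pairs, kind being 'url', 'domain', 'ip' or 'cidr'."""
    for raw in text.splitlines():
        line = strip_comment(raw)
        if not line:
            continue
        token = line.split()[-1]  # hosts-file lines: keep the name, drop 0.0.0.0
        if "://" in token:
            yield "url", normalize_url(token)
            continue
        try:
            if "/" in token:
                yield "cidr", str(ipaddress.ip_network(token, strict=False))
            else:
                yield "ip", str(ipaddress.ip_address(token))
            continue
        except ValueError:
            pass  # not an address, treat as a domain name
        yield "domain", token.lower().rstrip(".")


class Blacklist:
    def __init__(self):
        self.urls, self.domains, self.ips, self.cidrs = set(), set(), set(), []

    def load(self, text):
        for kind, value in parse_feed(text):
            if kind == "url":
                self.urls.add(value)
            elif kind == "domain":
                self.domains.add(value)
            elif kind == "ip":
                self.ips.add(value)
            else:
                self.cidrs.append(ipaddress.ip_network(value))
        return self

    def check(self, url):
        """Return the reasons the URL is listed (empty list if nothing matches)."""
        url = normalize_url(url)
        reasons = []
        if url in self.urls:
            reasons.append("url:" + url)
        host = urlsplit(url).hostname or ""
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            addr = None
        if addr is None:
            labels = host.rstrip(".").split(".")
            for i in range(len(labels) - 1):  # host, then each parent, never the bare TLD
                cand = ".".join(labels[i:])
                if cand in self.domains:
                    reasons.append("domain:" + cand)
        else:
            if str(addr) in self.ips:
                reasons.append("ip:" + str(addr))
            reasons.extend("cidr:" + str(n) for n in self.cidrs if addr in n)
        return reasons


if __name__ == "__main__":
    bl = Blacklist().load(FEED_URLS).load(FEED_HOSTS).load(FEED_IPS)
    for u in ("http://cdn.malware.example.net/other", "http://203.0.113.77/",
              "https://www.example.com/"):
        print(u, "->", bl.check(u) or "not listed")
```

A positive match here only says a feed lists the target; as the text says, it still has to be confirmed with a honeyclient before it is treated as live malicious infrastructure.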

I hope to update this list every month, as new blacklists may be born, some may perish, some may become too old to be useful, and some may turn commercial.

Useful Blacklists:


Note: This list is by no means exhaustive.