Wednesday, July 01, 2009
Malzilla: Exploring scareware and drive-by malware
Yesterday included a SANS ISC diary post regarding a tool list useful for de-obfuscation. Amongst the entries was Malzilla.
Fortuitous timing I say!
My toolsmith column for July's ISSA Journal is a complete analysis of Malzilla's capabilities.
Malzilla is best described as a useful program for use in exploring malicious pages, allowing you to choose your own User Agent and referrer and use proxies. While it downloads Web content, it does not render it, so it is not a browser. Think of it as WGET with a user interface and some very specific talents. In Using Malzilla, we’ll take a close look at rogue AV tactics and exploit sites in order to study the infection process utilized.
Lenny Zeltser contributed great feedback regarding Malzilla for this piece, thus furthering the tool's credibility.
Give the article a read and add Malzilla to your arsenal.
Cheers.
del.icio.us | digg | Submit to Slashdot
Please support the Open Security Foundation (OSVDB)
Subscribe to:
Post Comments (Atom)
Moving blog to HolisticInfoSec.io
toolsmith and HolisticInfoSec have moved. I've decided to consolidate all content on one platform, namely an R markdown blogdown sit...
-
Continuing where we left off in The HELK vs APTSimulator - Part 1 , I will focus our attention on additional, useful HELK features to ...
-
As you weigh how best to improve your organization's digital forensics and incident response (DFIR) capabilities heading into 2017, cons...
-
Ladies and gentlemen, for our main attraction, I give you...The HELK vs APTSimulator, in a Death Battle! The late, great Randy "Macho...
1 comment:
Thanks Russ! I'm always looking for more tools to analyze web-borne threats... wget has been useful but painful when analyzing complex redirect chains, etc...
This is awesome!
Post a Comment