Our (FireEye's) appliance can do this.
It's primary purpose is to detect bot traffic in network traffic
(passively monitored), and one of it's major ways of doing this is to
detect the malicious website infection as it happens (we scan using
statistical anomaly detection techniques to look for potentially
malicious entities in HTTP traffic - eg obfuscated Javascript -- and
then confirm them by running them inside a browser in an instrumented
virtual machine). By this means, we can detect most malicious
websites with almost no false positives.
The appliance also has a mode where you can point it at a list of
potentially malicious URLs and it will directly run the VM analysis on
those URL and tell you whether it's malicious or not. (It's not
oriented to crawling - it will check a single requested URL at a time
and whatever is automatically included from that by the browser).
Stuart Staniford,
Chief Scientist, FireEye
On Dec 22, 2008, at 5:10 AM, <[email protected]> <[email protected]>
wrote:
Is there any commercial / free tool to externally scan websites for
malwares?
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
