Sunday, April 12, 2009

wepawet - Analyzing Web-Based Malware

One of the most prevelant mode of infection is headed through malicious web-sites. An attacker may chose to host his own site & use it for malware propagation. Or better still, exploit vulnerabilties in other web site(s) & host his malware code on them.

There are different ways to verify if a site is hosting malicous script(s) - varying from tedious manual inspection of code, to using tools such as Malzilla (http://malzilla.sourceforge.net/) & several others, or verifying with Google Safe Browsing.

wepawet is a simple service/tool that many security professionals prefer to use for analyzing web based malicious code.

wepawet is a service for detecting and analyzing web-based malware. It currently handles Flash, pdf and JavaScript files.

wepawet analyzes a web-site & provides us with good information about the malicious resource, & the vulnerabilities exploited during an attack.

Basically, wepawet is a simple point, click & shoot tool for analyzing web-based malware.

You can check out wepawet here:

No comments:

Post a Comment

Disclaimer

The views, information & opinions expressed in this blog are my own and do not reflect the views of my current or former employers or employees or colleagues.