how are URLs verified to be malicious?
tjs:
I'm just curious-- how are URLs verified to be malicious? Is it a manual process or do you just trust user submissions? I sometimes see malware names- what vendor's name do you use when you do find malware?
I understand if you don't want to share this information. :-X
TJS
sowhat-x:
Sure, why shouldn't we share this kind of information... it's not a trade/military secret, he-he...
Verification is done manually by JohnC after submission, quite a bit of work there...
(makes me feel kind of guilty for not being able to help more at the current moment...) :-[
Regarding names, I think he prefers using the ones that are used
by most AVs at the time of scanning... if they've flagged the sample yet of course.
Else, you might see a name like "Generic Downloader", "Exploit" or something similar...
But JohnC will provide more accurate detail/info himself in this area...
JohnC:
Precisely what sowhat-x stated. I try to use a known name, rather than giving it something original just for the sake of it. Then people that come here looking for a specific piece of malware can try and find it based on the name if it is in the list. I try and use a common name that most AVs recognise it by, but if they use multiple names, sometimes I will use different names separated by a slash. Sometimes it is quite generic though, such as "Downloader" or "Exploits" or "Trojan" etc... I have had requests to try and be more specific with regards to exploits, which is something I would like to do. But with exploit packs that try a variety of exploits, I either would have to put the name of the exploit pack or list all exploits etc... plus this takes more time. Maybe in the future I will do this, but for now this seems alright.