how are URLs verified to be malicious?

[tjs]

I'm just curious-- how are URLs verified to be malicious? Is it a manual process or do you just trust user submissions? I sometimes see malware names- what vendors name do you use when you do find malware?

I understand if you don't want to share this information.   

TJS

[sowhat-x]

Sure,why shouldn't we share this kind of information...it's not a trade/military secret,he-he...
Verification is done manually by JohnC after submission,quite a bit of work there...
(makes me feel kind of guilty for not being able to help more at the current moment...) 

Regarding names,I think he prefers using the ones that are used,
by most AVs at the time of scanning...if they've flagged the sample yet of course.
Else,you might see a name like "Generic Downloader","Exploit" or something similar...
But JohnC will provide more accurate detail/info himself in this area...

[JohnC]

Precisely what sowhat-x stated. I try to use a known name, rather than giving it something original just for the sake of it. Then people that come here looking for a specific piece of malware can try and find it based on the name if it is in the list. I try and use a common name that most AVs recognise it by, but if they use multiple names, sometimes I will use different names seperated by a slash. Sometimes it is quite generic though, such as "Downloader" or "Exploits" or "Trojan" etc... I have had requests to try and be more specific with regards to exploits, which is something I would like to do. But with exploit packs that try a variety of exploits, I either would have to put the name of the exploit pack or list all exploits etc... plus this takes more time. Maybe in the future I will do this, but for now this seems alright.