List: focus-ids
Subject: Re: malware scanning
From: "Stuart Staniford" <sstaniford () FireEye ! com>
Date: 2008-12-31 0:35:37
Message-ID: 799C7899-AC2B-4394-89CE-B78C27902BDB () fireeye ! com
Our (FireEye's) appliance can do this.
Its primary purpose is to detect bot traffic in network traffic
(passively monitored), and one of its major ways of doing this is to
detect the malicious website infection as it happens (we scan using
statistical anomaly detection techniques to look for potentially
malicious entities in HTTP traffic - e.g. obfuscated JavaScript -- and
then confirm them by running them inside a browser in an instrumented
virtual machine). By this means, we can detect most malicious
websites with almost no false positives.
The appliance also has a mode where you can point it at a list of
potentially malicious URLs and it will directly run the VM analysis on
those URLs and tell you whether each one is malicious or not. (It's not
oriented to crawling - it will check a single requested URL at a time
and whatever is automatically included from that by the browser).
Stuart Staniford,
Chief Scientist, FireEye
On Dec 22, 2008, at 5:10 AM, <sisram2@gmail.com> <sisram2@gmail.com>
wrote:
> Is there any commercial / free tool to externally scan websites for
> malwares?
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
> to learn more.
> ------------------------------------------------------------------------
>