
List:       focus-ids
Subject:    Re: malware scanning
From:       "Stuart Staniford" <sstaniford () FireEye ! com>
Date:       2008-12-31 0:35:37
Message-ID: 799C7899-AC2B-4394-89CE-B78C27902BDB () fireeye ! com


Our (FireEye's) appliance can do this.

Its primary purpose is to detect bot traffic in network traffic
(passively monitored), and one of its major ways of doing this is to
detect the malicious website infection as it happens (we scan using
statistical anomaly detection techniques to look for potentially
malicious entities in HTTP traffic - e.g. obfuscated JavaScript - and
then confirm them by running them inside a browser in an instrumented
virtual machine).  By this means, we can detect most malicious
websites with almost no false positives.

The appliance also has a mode where you can point it at a list of
potentially malicious URLs and it will directly run the VM analysis on
those URLs and tell you whether each is malicious or not.  (It's not
oriented to crawling - it will check a single requested URL at a time
and whatever is automatically included from that by the browser.)

Stuart Staniford,
Chief Scientist, FireEye


On Dec 22, 2008, at 5:10 AM, <sisram2@gmail.com> <sisram2@gmail.com>  
wrote:
> Is there any commercial / free tool to externally scan websites for
> malware?
