Malware URLs

It’s been a while since I started writing a first prototype to try to catch as much malware (URLs and samples) as possible. Today I can say my project is all grown up as it’s generating, daily, a feed with around 9.000 malware URLs and with a low rate of false positives (although there may be some).

The process of finding malware URLs in my tool used to be only a matter of finding suspicious URLs in social networks (Twitter and Identi.ca), checking mail accounts receiving loads of bad stuff and nothing else. At first. Today I’m using crawlers, honeypots, sandboxes, third-party public URL feeds, private URL feeds (provided under consent), executable unpackers, heuristic engines for Flash movies, PDFs, OLE2 documents, etc… It changed a lot and became a big project that, I hope, can give useful information for malware researchers.

 

As of today, the final result the general public can see is just a single plain text file that can be used with AdBlock, with all the URLs of the last week (you can grab the latest version of the feed in this link). However, in some weeks (perhaps months) we plan (a friend of mine and I) to add a web page and publish an API to let users do, at least, the following actions:

  1. Check URLs
  2. Find URLs or domains
  3. Find how a malware appeared/spread
  4. Find similar malwares during a given time frame
  5. Set up notifications for known malwares reappearing
  6. Set up notifications for similar malwares
  7. Set up notifications for similar URL patterns
  8. etc…

It will take a while to finish the web page and the API service, but it should be finished in a couple of weeks (if our work permits, as it’s a side project we work on in our spare time).

Meanwhile, while my friend and I continue working on this project, we want to show you some fancy graphs of the statistics of this project:

[Graphs: daily_urls, Heuristics, full_av_names]


NOTE: The Antivirus information is obtained thanks to VirusTotal.

 

5 thoughts on “Malware URLs”

  1. Pingback: Compilado de enlaces « programacion@droope

  2. k0ng0

    Hey man, just wanted to say thanks for your work, and I will be using your list to get all those nice .exe for my malware collection and research. Thanks so much!
    I wanted to build something similar but had no idea where to start.

  3. Peter

    First of all, great work! Could you please expand on the heuristics? What are the categories and how are they calculated? Thanks!
