I was recently asked a few questions about malwareblacklist.com, a project I created a while back.
1. What is the idea behind MalwareBlacklist.com?
The goal is to create a quality resource for security researchers and companies looking for up-to-date malicious sites.
2. Who typically are users of MalwareBlacklist.com?
Our users range from traditional malware researchers, students working on a thesis, and security companies that use our list to protect their users/customers.
3. Do you happen to have any figures on how many submissions there are to it, such as monthly or daily? Is it correct that some of what is submitted makes it into the databases used by Pareto’s security products?
That is correct, anyone can submit URLs to our system which, once validated, will appear on the site. We work with other companies that share several hundred links a day, but the overall community is also quite active. For example, one of our users has already submitted more than 500 URLs in just a few months.
4. Am I right to assume that most of the additions to it from ParetoLogic come from the honeypot scans? If so, could you please briefly explain how a honeypot scan?
It is how it works for the most part, although some are also done manually. What we call HoneyPot is a set of machines configured as “high interaction honey-clients” . A less technical explanation would be computers that are designed to match various end-users configurations and sent to browse bad sites. The term “honeypot” means a system which can collect information for research purposes while at the same time looking like any other computer so that cyber criminals cannot differentiate the two.
5. Is there anything else that should be mentioned about the black list?
It’s free! We also encourage other security people/companies to share data with us for the benefits of everyone. Also, because most URLs are very volatile (their time-to-live is relatively short), we archive their content (html source code and binaries) so you can analyze them again and again.
Jerome Segura
Leave a reply
