You know … periodically you get an email or tweet with a link in it. Doesn’t happen that often, right? Should you click on the link or not? Of course we all know to copy the URL from the source, paste it into the address bar directly, and look for a seal like the one to the right. But is that enough? Or is it too late at this point? Today, even many legitimate sites are being compromised and distributing malware … and they don’t even know it. We need something that potentially detects malware BEFORE visiting the site.
(Note: As part of a campaign to bring forward some of our older posts that we feel still benefit the community, we’ve added this article to our Best Of category that will periodically get tweeted out. Please mention it to me on Twitter or contact us if there are any other posts you feel we should include in this category. This post was previously categorized under Infosec Blogs/Podcasts and Securing Mom. [email protected]grecs)
Then last Friday I came across an article on CNET titled “How to check if a Web site is safe” that seemed to address this problem. In it the author mentions several great services (e.g., Unmasked Parasites) as well as accompanying browser add-ons (both independent and those that come in security suites) and application installs (e.g., AVG LinkScanner). He additionally mentions that most modern browsers have web site checking built in as well as a few tools for Android (Mobilation Android & Lookout Mobile Security).
I’ve been meaning to write something up like this for a while now and so this article gave me the motivation to push forward. Where the CNET article seemed to be targeted for general web users with several OS or browser integrated services, my goal is to target infosec pros that want both breadth of service coverage as well as depth in detail. Hopefully, this post will give you the additional details you need to perform a bit more research for our curious minds.
- Expand Shortened URLs and/or Check for Redirects Using UnmaskURL.com: For whatever reason the meta-scanning sites mentioned below do not effectively expand shortened links or take into account safe-looking sites that may redirect to potentially malicious ones. That’s were UnmaskURL comes in. Sure, you could learn all the extra ways of previewing URLs from the different shorteners (e.g., appending “+” to bit.ly addresses) but UnmaskURL does it all for you in one shot. It unshrinks URLs (even nested ones) as well as traverses redirections. Also be sure to check out the links at the top of this website. They offer several other tools that allow more detailed analysis, including encoding/decoding base 64 (unmaskBase64.com) and grabbing the raw HTML of a webpage without rendering it (unmaskContent.com).
- Scan Ultimate Domain with URLVoid.com: This service scans the entered domain or sub-domain with 18 malware website detection services (e.g., Google Diagnostic, hpHosts, Norton SafeWeb, and TrendMicro Web Reputation). After each scan it conveniently allows you to drill down further by automatically submitting the URL to any of the services individually to get more details or several other analysis sites (e.g., VScan that scans it with multiple AV engines). URLVoid also offers IPVoid.com that does the same thing but just by IP instead of domain, URL Dump that mimics unmaskContent, and Extract URL that performs limited unshortening.
- Perform Backup Scan with VirusTotal.com: Known in the security community for being able to upload files to be scanned with 40 or so antivirus engines, they also offer a site scanning capability that inspects URLs with 16 website malware services. I generally use this site as a backup for verification. Check out http://bit.ly/nScS8W for a direct link to their site scanner.
Now there are plenty of other ways to do this… What do you use to check if a website is safe to visit BEFORE actually going there? Let us know in the comments below.