Website to website malware scanning
I was checking out the NISCC (UNIRAS) website, looking at their latest alert, which was a standard email trying to get you to click on a link to go to a website(s) which would then try to infect your PC with some sort of malware.
The alert lists the domains that could be referenced by the email.
If I stick any of the domains (friendsoftheenemy.net and lower) into SurfControl to see if they are blocked, none of them are on the SurfControl list.
AusCERT has seen several different types of e-mail messages, attempting to
entice the reader to a variety of domains including:
All of which are redirected back to:
http: // friendsoftheenemy.net
This site installs additional malware which may also contact the hosts:
Administrators may wish to actively block or monitor access to these domain
names and URLs.
Now I could block them manually on SurfControl, but I'd rather know what they are before I start randomly blocking websites.
BUT how do I check out a potentially dangerous website without becoming compromised? And if I am running a locked-down machine that would not be affected by the malware, how would I know that the site is trying to infect my machine?
I don't have access to a 'victim' machine which I could allow to become infected and then analyse, and I don't have a route out of the network which doesn't go through a firewall.
Is there such a thing as a website which I can point to the 'infecting' website which will pose as an unprotected browser and give me a report as to whether that website does indeed attempt to infect a passing browser?