I was checking out the NISCC (UNIRAS) website. I was looking at their latest alert, which was a standard email trying to get you to click on a link to go to a website(s) which would then try to infect your PC with some sort of malware.
The alert lists the domains that could be referenced by the email.
If I stick any of the domains (friendsoftheenemy.net and lower) into surfcontrol to see if they are blocked, none of them are on the surfcontrol list.
Details:
AusCERT has seen several different types of e-mail messages, attempting to
entice the reader to a variety of domains including:
All of which are redirected back to:
http: // friendsoftheenemy.net
This site installs additional malware which may also contact the hosts:
Administrators may wish to actively block or monitor access to these domain
names and URLs.
Now I could block them manually on surfcontrol, but I'd rather know what they are before I start randomly blocking websites.
BUT how do I check out a potentially dangerous website without becoming compromised? And if I am running a locked-down machine that would not be affected by the malware, how would I know that the site is trying to infect my machine?
I don't have access to a 'victim' machine which I could allow to become infected and then analyse and I don't have a route out of the network which doesn't go through a firewall.
Is there such a thing as a website which I can point to the 'infecting' website which will pose as an unprotected browser and give me a report as to whether that website does indeed attempt to infect a passing browser?