Dev Depot: urlQuery, Detects Potential Malware
A free online service for testing and analyzing URLs, urlQuery (www.urlquery.net) helps identify malicious and suspicious content on websites as a means of improving the safety and security of the Internet. It’s also a great tool for auditing your own websites. According to its publisher, while no current service or security solution can guarantee 100 percent detection of malicious content, urlQuery provides detailed information about the activities a web browser engages in when visiting a specific site, and then presents the results for further analysis; delivering a second opinion about the state of a site’s security.
“As with other sandbox technologies it can be detected, which can skew or make the results inaccurate,” states a urlQuery spokesperson. “Other issues might include browser incompatibilities with settings or configurations within the browser or sandbox.”
It doesn’t get any easier than using urlQuery: just enter a profile URL in the input box and then click “go.” Optional advanced settings allow users to specify a User Agent and Referer plus Adobe Reader and Java versions, along with a VM Template, for those users needing more targeted testing.
Advanced users may also be interested in the urlQuery API, which offers the ability to submit URLs, query for a URL’s reputation and receive basic report information from public reports over JSON. A private API is provided to security companies, giving them full access to data such as URL feeds and other nonpublic information. Currently in closed beta testing, development of the API has taken longer than expected, due to the roll out of a new backend, which was required before any further extension was possible.
Daily updates to the signature sets help keep up with the latest threats, while certain subcategories of these signatures have been disabled, such as those governing policy and unrelated services (i.e. FTP, SMTP, etc.) plus protocols such as ICMP and SCADA, since they fall outside of the focus of the urlQuery service.
The limited scope of urlQuery uses a small set of features commonly employed by Intrusion Detection Systems, omitting several crucial areas when evaluating the overall effectiveness and performance of a site’s security systems. An internal detection engine has access to data gathered from within the browser which can be hard for other systems to reach or correctly determine; giving urlQuery a unique opportunity to alert on items that other system might miss.
If you’re responsible for protecting a site or analyzing others, then urlQuery should find a place in your toolbox. Try it and see the results for yourself.