There is an interesting case that I want to share with you.

I am not sure if you guys are aware of it but last year researchers at Google released a paper at the Usenix conference titled “The Ghost in the Browser”.

The paper outlined research efforts at Google that spanned several months analyzing websites, their content, and the amount of malicious code discovered within the sites.

It was discovered that the URLs that Google generate as search results, a big number of those are malicious and it might harm the user’s computer. To keep its users away from such malicious URLs, Google start flagging these websites, by posting a warning sign; this site may harm your computer.

There is a big probability that if you are using Google search engine, you might have came across such scenario. There is a similar scenario that I came across and I would like to share it with you.

I read this on Suman kumar’s blog that Google has flagged Canon India website canon.co.in as potential malicious; Canon India’s Website is an Attack Site?

Google Search Result

I did a search for canon.co.in using Google, found out that it has been flagged as harmful and there is a warning against visiting it.

I ignore this warning, and click on the URL; it took me to another page explaining clearly that this site harmful and you can access it at your own risk but there is no way Google will let you in.

Read more…

HackAlert is a 24×7 Website monitoring solution that alerts website owners and system administrators if the site has been compromised and injected with malicious code. Operating as a non?intrusive monitoring service, HackAlert leverages pattern?free behavioral analysis technology (combined with signature?based packing analysis) to provide detailed information related to website security status on a constant basis and represents the outermost layer of any comprehensive security program.

Static & Dynamic (Behavioral) Analysis

HackAlert leverages pattern-free behavioral analysis technology to detect and analyze malicious code injected into web pages. The service leverages a static HTML analysis engine which searches for illegal or potentially dangerous links injected into the webpage, and a unique behavioral analysis engine which identifies whether or not the suspicious link is in fact downloading malware to the client PC.

This behavior analysis engine is unique in its employment of a Spyware Behavior Extractor (SBE) which forces even those instances of malware that have been programmed with evasive onboard anti?detection methods to exhibit their malicious behavior. Thereby, HackAlert™ does NOT miss any instances of downloaded malware and provides accurate results, with information capable of proving the origin, destination and certain behavioral aspects related thereto.

Reporting

HackAlert can be used to scan a single URL or a complete website, depending on the user’s requirement.

Reporting Interface – Single URL Monitoring

The HackAlert reporting interface for single URL provides detailed information regarding the malware’s behavioral aspects, identifying the affected web site address and highlighting the injected malicious link or source of the malicious code. In the event of malware being successfully downloaded to the client-side, HackAlert provides details such as the source of the malware, its name and file type and the target directory on the affected computer.

Reporting Interface – Website Monitoring

The HackAlert system’s “Site Monitoring” function leverages a URL Crawler which is able to analyze an entire site’s URL tree to provide a convenient method for monitoring the site in question.The crawler analyzes the website page?by?page, extracting all possible URL links, while at the same time testing whether or not the URL link is in fact active.

The reporting provides complete information in terms of total URLs crawled, clean URLs, suspicious URLs, malware detected and defaced content.

Notifications

HackAlert’s real-time alerting capabilities provide immediate notification and details regarding malware activity. The notification can be sent via e-mail or as a SMS to the user mobile phone, depending on the user’s preference. This facilitates immediate reaction and remediation in the event of website poisoning.

 
An e-mail notification provides complete summary of the scan and lists the suspicious links and points out the malware injection.

Solution Delivery

The solution is delivered as a hosted Software?as?a?Service (SaaS) solution, providing a customizable user interface which allows the user to define the domain/URLs he or she wishes to monitor, schedule the scan frequency, and configure the reporting options. Users may access the solution simply by logging in over the internet.

Sign up for HackAlert’s Free Trial