
Online website analyzer or sandbox?

  • Online website analyzer or sandbox?

    To make a loooong story short, one of our internal / external apps uses a feed from the company that provides the software to us. Haven't been able to get the feed all day, as our AV was blocking the file. Turns out the file's valid, but there's a new iframe at the top with a link to a *.cn site.

    I'd like to analyze the site, but don't want to infect anything here. Anyone know of an online website analyzer, or an online sandbox, or does anyone have their own sandbox that could check out this URL?

    Sandbox = virtual image that is easily wiped, or is read only, and is used for testing purposes (e.g. testing software, viruses, etc).

    If you have a sandbox and wouldn't mind checking out this site to see what it's attempting to do (so that we can attempt to identify what infected the feed's server).
    ** Remember to give credit where credit is due and leave reputation points where appropriate **
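
A static check for the situation described in the post above, added here as an example and not part of the original thread: it lists elements in a saved copy of the feed that would load content from hosts outside an allowlist, without rendering the file or contacting the URL. The feed text, the host names and the `scan_feed` helper are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags that make a browser fetch remote content, mapped to the URL attribute.
LOADING_ATTRS = {"iframe": "src", "frame": "src", "script": "src",
                 "embed": "src", "object": "data"}

# Constructed sample: a feed file with an extra iframe at the top.
SAMPLE_FEED = """<iframe src="http://unexpected.example/in.htm"></iframe>
<html><body>
<script src="/static/feed.js"></script>
<SCRIPT SRC="//cdn.vendor.example/lib.js"></SCRIPT>
</body></html>
"""

def defang(url):
    """Make a URL non-clickable so it can be shared in a ticket or PM."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")

class RemoteLoadFinder(HTMLParser):
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []

    def _is_allowed(self, host):
        return any(host == a or host.endswith("." + a) for a in self.allowed)

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(LOADING_ATTRS.get(tag, ""))
        if not url:
            return
        try:  # relative URLs have no hostname and are not reported
            host = (urlsplit(url.strip()).hostname or "").lower()
        except ValueError:  # malformed URL: report it rather than skip it
            host = "<unparseable>"
        if host and not self._is_allowed(host):
            self.findings.append({"line": self.getpos()[0], "tag": tag,
                                  "host": host, "url": defang(url.strip())})

def scan_feed(text, allowed_hosts):
    """Parse the text only; nothing is rendered, executed or fetched."""
    finder = RemoteLoadFinder(allowed_hosts)
    finder.feed(text)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    print(scan_feed(SAMPLE_FEED, {"vendor.example"}))
```

Run against each downloaded copy of the feed, a non-empty result points to the line where the unexpected element sits and gives a defanged URL that is safe to paste into a report to the vendor.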

  • #2
    Re: Online website analyzer or sandbox?

    PM me the URL and I'll have a look at it. What AV do you run?
    Gareth Howells

    BSc (Hons), MBCS, MCP, MCDST, ICCE

    Any advice is given in good faith and without warranty.

    Please give reputation points if somebody has helped you.

    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.



    • #3
      Re: Online website analyzer or sandbox?

      TrendMicro OfficeScan, but it's not OUR server that's infected. The AV just recognized the URL as being bad and quarantined the file.

      I'll be back on the forum in a couple of min, going to grab something to eat from around the corner, as someone behind me just sprayed some crap in the air that's putrid!


      • #4
        Re: Online website analyzer or sandbox?

        Checked it out and NOD32 threw up 22 virus alerts. Domain name not exactly descriptive, is it?

        Small world - the whois entry for it almost exactly matches the entry for a domain that one of our managers stumbled across yesterday. That one claimed to be a professional photography company.
        Gareth Howells



        • #5
          Re: Online website analyzer or sandbox?

          So it's dodgy then.
          1 1 was a racehorse.
          2 2 was 1 2.
          1 1 1 1 race 1 day,
          2 2 1 1 2



          • #6
            Re: Online website analyzer or sandbox?

            Did it give you the names of the viruses?

            Did a whois on it earlier, and it's been registered since 2008-11-27. The admin email is probably fake though, as it goes to a QQ.com address (valid site), but the address is probably a hijacked one.

            BTW, what kind of sandbox are you running?


            • #7
              Re: Online website analyzer or sandbox?

              The sandbox is pretty low tech. It's a PIII box I had kicking around gathering dust, specced out with enough RAM to take any modern OS other than Vista. At the time of testing it had XP Pro and an NFR NOD32 licence on it. Generally when testing out stuff like this, I unplug the router from the LAN and connect it into the sandbox. Now that the system may be compromised, it's disconnected from the LAN again. Hard drive gets wiped 150 times via automated boot CD, and there'll be some rare earth magnets involved too at a later stage.

              Not especially sophisticated, but does the job. If I'm ever concerned about reusing the hard drive, then it'll be replaced with one from Maxtor Heights (big stack of spare 6GB drives at work).
              Gareth Howells



              • #8
                Re: Online website analyzer or sandbox?

                Then there's no way to find out what viruses it was, oh well. Kinda hoping to be able to trace it back to the original virus / vulnerability so as to pass it onto the other company.


                • #9
                  Re: Online website analyzer or sandbox?

                  Sorry, I missed that question. 20 of the viruses were the same as the alerts we saw on the website our manager found, the other 2 weren't able to be identified. The majority were identified by NOD32 as JS/TrojanDownloader.Small.NBH
                  Gareth Howells
