November 1st, 2014

Wepawet: analyzing web-based malware

This is a pretty cool looking website/service from the Computer Security Group at UC Santa Barbara that will analyze flash and javascript for malicious content. It will actually de-obfuscate javascript and pull out the active exploits that it uses. I’m guessing that it’s also doing some dynamic analysis because it is able to see the exact request/responses that it’s making. Here is a sample report that shows multiple exploit attempts and the actual malware. The website says that it’s currently in alpha and it will have the ability to submit URLs (instead of javascript/flash files) soon.


Leave a Response

Imhotep theme designed by Chris Lin. Proudly powered by Wordpress.
XHTML | CSS | RSS | Comments RSS