Fireshark - A Tool To Link The Malicious Web presented at Blackhat Europe 2010

by Stephan Chenette,

Tags: Security Web

Summary : Thousands of legitimate web sites serve malicious content to millions of visitors each and every day.
Trying to piece all the research together to confirm any similarities between possible common group patterns within these websites, such as redirectors that belong to the same IP, IP range, or ASN, and reconstructing the final deobfuscated code can be time-consuming and sometimes impossible given many of the freely available tools.
I will present a web security research project called FireShark that is capable of visiting large collections of websites at a time, executing, storing and analyzing the content, and from it identifying hundreds of malicious ecosystems of which the data, such as the normalized, deobfuscated content within them can easily be analyzed.