Zscaler launches free link malware scanner Zulu

Cloud security vendor Zscaler has launched a new free-to-use online service called Zulu that can assess the security risk associated with URLs by analysing the content they point to, as well as the reputation of their corresponding domain names and IP addresses.

There are several free URL scanning services available online and all of them are useful in their own right. While conceptually similar to other such scanners, Zulu does have a few features that makes it stand out.

For example, Zulu allows security savvy users who investigate various web attacks to choose what User-Agent and Referrer headers the scanner will use when accessing a URL.

There are a lot of attack pages that only serve malicious content to visitors who arrive there from a certain website, most commonly a search engine, or only to visitors who use a certain browser.

Zulu assesses the risk of a web resource’s content, its URL and host individually and assigns a score for each of these categories based on several tests. The scores are then combined to determine the overall risk associated with the resource.

“A unique benefit of this approach is that we can deliver a risk score even when the page content is no longer available,” said Michael Sutton, vice president of security research at Zscaler.

“While we can’t access the page, we can still assess the URL and host and when they deliver a high risk score despite a lack of page content, one can often conclude the page was indeed malicious but has since been taken down,” he explained.

Depending on the type of content a URL points to, Zulu can perform an antivirus scan using the VirusTotal multi-engine service, try to match a file’s MD5 hash in Zscaler’s database, search for known JavaScript obfuscation patterns and phishing heuristics, or use the company’s malware detection technologies.

A web resource’s URL is verified against publicly known blacklists, and its domain name is checked for suspicious strings of characters. The historical abuse levels of a particular TLD and the risk associated with an IP address’ geographical location are also taken into consideration when establishing the final risk score.

“With Zulu, we sought to combine our own proprietary scanning techniques, with the great open source intelligence that is available, to provide a broad view of the overall risk posed by virtually any web resource,” Sutton said.

According to the researcher, the company decided to launch Zulu as a free tool in order to experiment with new detection techniques before using them in its commercial products. As the service gains popularity, it will also help Zscaler discover more malicious websites and improve the accuracy of its database.

The company doesn’t have any plans to offer an open API (application programming interface) for service at this time. “This is something that we may consider in future if feedback suggests that users would benefit from it,” Sutton said.

Article source: http://rss.feedsportal.com/c/270/f/3551/s/1c2e7c55/l/0Lnews0Btechworld0N0Csecurity0C33331780Czscaler0Elaunches0Efree0Elink0Emalware0Escanner0Ezulu0C0Dolo0Frss/story01.htm

View full post on National Cyber Security » Computer Hacking