Report Malicious URLs

StopBadware has released a Best Practices for Reporting Badware URLs.

Google Safe Browsing warns if the link in the search result may be malicious. Many malicious URLs would not appear in search results. Through redirection, clicking a link may still lead to a malicious site.

We’ll have to see how Facebook’s ThreatExchange works out.

Is there a better destination for your malicious URLs?

It would be nice if you could submit a malicious URL to a destination and allow any vendor to inspect it. People with suspicious URLs could drop them off, and vendors draw their own conclusions about whether there is a situation to address. Instead, the model I’ve seen is: vendor collects URLs from their customers and if there is a situation to address, they modify their product. This addresses their customer’s needs in a reactionary way but not in a proactive way. That may be a sufficient level of service, but we could do better.

With that in mind, continue to report the suspicious URL to your vendor.

Other sites you can send suspicious URLs to: StopBadware a place for the public to submit malicious URLs. Interested researchers can review submissions at the StopBadware Clearinghouse
VirusTotal VirusTotal tests a URL using multiple scanners
Blue Coat Web Page Review unclear if this is crawling a site (reviewing expected pages) or reviewing a page (such as an orphaned page you would not find when crawling a site)

Sources of malicious URL lists (block lists), with no apparent way to send them candidates:

Malware Domain List Malware Block List
Malware Patrol Malware Block List

Special case: All vendors who sell advertising space will sell advertising space to malicious persons. This can be due to a lax review procedure or changes introduced after the advertiser’s content is reviewed. With that in mind, Google AdSense has its own Report a Policy Violation form. This is an efficient procedure for links under the control of the Google AdSense team, but an inefficient procedure for all other links.

2 Responses to Report Malicious URLs

  1. satty says:

    it has been confirmed malicious by several scanners already