How Do I Report Malicious Websites?

Published: 2010-04-30. Last Updated: 2010-04-30 15:05:43 UTC
by Kevin Liston (Version: 1)
10 comment(s)

The Set-up

So you’ve just spent your morning digging through web proxy logs figuring out how one of your users managed to get infected with the latest rehash of FakeAV and you’ve got a handful of malicious URLs that you need to block on your perimeter.  Let’s also suppose that you hold some goodwill towards your fellow sysadmin and wish to help stop further damage.  Where do you start?

Depending on what vendor you use to manage your web proxy filters, you may be helping out by simply protecting yourself.  That information should bubble up to their other customers and expand protection.  Another way to help smaller organizations and individuals is to share this information with free security solutions.
 

Google Safe Browsing

Get the biggest bang for your buck by leveraging the Google Search engine which many folks rely on to save them from exposure to typo-squatters and other badness.  URLs can be submitted here: http://www.google.com/safebrowsing/report_badware/

BlueCoat K9

Although it’s advertised as web protection for your children, I find it works for parents and grandparents too.  You can submit URLs and classify them here: http://www1.k9webprotection.com/support/check-site-rating.php

OpenDNS

If you have an OpenDNS account you can submit a domain for tagging as malicious via their dashboard.
 

Your Turn

If you have a favorite list for submitting the results of your malware research, please leave a comment below.

 

Keywords:
10 comment(s)

Comments

If you want to help out Bluecoat ProxySG users, you can submit the web site to
http://sitereview.bluecoat.com/sitereview.jsp although I think the K9 list and the ProxySG list are the same.
McAfee's (Formerly Secure Computing's)Trusted Source site offers a mechanism to look up the current category and web reputation of a site or list of sites and offers a feedback tool to recommend category changes or assignments for uncategorized sites.

http://www.trustedsource.org/en/feedback/url

JK
If you want to save some legwork too, use:
- http://www.malwaredomains.com/

... which can be also be used with the AdBlock Plus extension of Firefox for "... another layer of protection...":
- http://adblockplus.org/blog/blocking-malicious-sites-with-adblock-plus
Scroll down to: "... click here to subscribe to the list in Adblock Plus..."
and click on the link - click OK to the popup for "Add subscription" - done.
.
Norton's SafeWeb:
http://safeweb.norton.com/report/show?url=isc.sans.org


McAfee's SiteAdvisor (now using Trusted Source, mentioned above by JK):
http://www.siteadvisor.com/sites/sans.org


TrendMicro's TrendProtect free Windows browser plug-in for IE/Firefox:
http://www.trendsecure.com/portal/en-US/tools/security_tools/trendprotect

TrendProtect doesn't have a mechanism to submit user-contributed ratings currently, but there are plans.
I use the Web Of Trust plugin for firefox.

http://www.mywot.com/

Not only can you go to their website to report malicious sites, it crowdsources your safety on the web by warning you when the community thinks a site is not safe or secure.
Don't forget there is a built-in feature in IE8: Tools | SmartScreen Filter | Report Unsafe Website
Amazon Web Services net range:
http://aws-portal.amazon.com/gp/aws/html-forms-controller/contactus/AWSAbuse

Host Exploit Links to Report CyberCrime:
http://www.hostexploit.com/index.php?option=com_content&view=article&id=17&Itemid=94

Alphabetical list of FIRST Members:
http://www.first.org/members/teams/

International Illegal Content:
http://hostexploit.com/index.php?option=com_content&view=article&id=18&Itemid=24

International Law Enforcement:
http://hostexploit.com/index.php?option=com_content&view=article&id=19&Itemid=25
McAfee TrustedSource
http://www.trustedsource.org


You can submit a URL that distributes badware to StopBadware at http://badwarebusters.org/community/submit. We share the data with our data providers (including the Google Safe Browsing team) and anyone else we think will make good use of it.
Here are some good sites to report phishing URL's.
http://www.phishtank.com/
http://www.antiphishing.org/report_phishing.html

Diary Archives