Verifying Link Security

The beauty of the internet is the hyperlink. All objects in the cyberspace are essential represented by a link or URL. Obviously, this includes malicious code. Delivering an email to a user with a link to a website hosting malicious code is the first step in most attack.

How you can verify a link is safe to visit before visiting it? There is a high risk of inflecting malware or virus if you visit every suspicious link. Fortunately, UC Santa Barbara student created a project to verify the suspicious URLs by actually visiting the destination. They even follow the redirect command and visit the deep links.  The project is

Wepawet is a platform for the analysis of web-based threats. Wepawet uses a composition of approaches and techniques to execute, trace, analyze, and characterize the activity of code whose execution is triggered by visiting a web page.

However, there is one possibility that since Wepawet is hosted with a fixed IP address, the attacker could return harmless content if they detect the source IP address is the same as Wepawet address. When using this tool, it is better that you use a public accessible proxy.

1 thought on “Verifying Link Security”

  1. Twitter has in I think two years ago implemented security verification of URL before publishing. Sina Weibo is also doing the same. We need all web sites that take in public contents to in fact do the same. When they are publishing URLs, it is also important that they do verify the security of any external links before publishing. AV providers like F-Secure also offer a free URL security checking service at: http://browsingprotection.f-secure.com/swp/.

Leave a Reply

%d bloggers like this: