Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Remote control: FireShark discovered that some content on the site howtofindmyIP.com comes from dubious sites hosted in the Ukraine.

The researchers at Websense plan to release a plug-in for the Firefox browser that will reveal the content hubs that a site is linked to.

“The interesting thing about all of this is when attackers are using, say, DoubleClick as the vector of attack,” says Tom Pinckney, cofounder of the Web security firm SiteAdvisor, which was bought by McAfee in 2006, and now vice president of engineering for the recommendation site Hunch. “For many attacks, someone buys the content on the ad network, but the guy who is actually supplying the content on the page–God knows who that is.”

SiteAdvisor offers a plug-in that provides a service that’s similar to what FireShark offers. McAfee used a data center full of virtual PCs to troll the Web for malicious sites, evaluating links and submitting unique e-mail addresses that are then monitored for spam.

FireShark delves deeper than SiteAdvisor by decoding the HTML, Javascript, and other code embedded in each Web page it parses, looking for the ultimate source of content, even if it’s redirected multiple times. “FireShark gives a more in-depth view of what is going on,” Chenette says.

Maxim Weinstein, executive director of StopBadware, a nonprofit organization that helps create lists of malicious websites, says FireShark could be an interesting tool for researchers. The caveat, he says, is that anomalous behavior is not always malicious. “The patterns that look bad are often good things–just anomalous,” he says.

Tracking the way sites are connected over time could also help identify malicious changes to sites, Chenette says. He adds that the FireShark browser plug-in may eventually let users feed information about the sites they visit back to Websense.

3 comments. Share your thoughts »

Credits: Websense

Tagged: Computing, Web, Internet, cyber attacks, cybercriminals, Internet Security, malicious code

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me