I'll start with a short personal angle -
From what I hear and read, more than 70% of the malware today is being served or linked from legitimate web sites.
Take a look at this article from InformationWeek, which was posted in January 2009:
Seventy percent of the top 100 Web sites either hosted malicious content or contained a link designed to redirect site visitors to a malicious Web site during the second half of 2008
The common approach to malware protection and malware scanning today puts the (security) responsibility on the end users (browser protections, A/V, etc.) or on the organizations (content filtering gateways, A/V gateways) from which the end users browse the web.
I think that web site owners should start taking responsibility for the content they are serving to users, and a simple way to do that is to constantly monitor or scan your own web application for malicious content.
BTW, malicious code can end up in your application in different ways, such as:
- Someone hacked into your application and put it there
- You are including web content (or application code) from a 3rd party. This is often the case in Web 2.0 scenarios
- You pissed off one of your web developers, and they decided to get back at you by infecting your users with malware
Enter Malware Scanner AppScan eXtension
The Malware Scanner AppScan eXtension helps you verify that your application is not hosting or linking to malware. The extension couples the deep-scanning capabilities of IBM Rational AppScan with ISS X-Force technology that is used to identify malicious content and links.
The Malware Scanner checks whether:
- Files hosted on your application are malicious
- Files that are "one click" away from your application are malicious
- Links on your site lead to malicious domains (malware sites or phishing sites, for example)
- Links on your site lead to unwanted content (illegal sites, hate sites, adult content, and so forth)
The Malware Scanner works in two phases:
- It passes all of the visited links through the ISS Virus Prevention System (VPS) engine to determine whether they are malicious. This is similar to browsing every page in your application, including clicking every button and downloading every file, using a machine with updated antivirus software.
- It passes all of the links that lead to external domains through the ISS WebFilter SDK. This SDK then fetches the classification of each link (news site, porn site, malware site, illegal site, and so forth), based on the constantly updated online classification database. Links that are deemed malicious or unwanted are flagged for your attention.
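To make the two phases concrete, here is an added example (my own illustration, not code from the Malware Scanner eXtension or from IBM/ISS) of a minimal self-scan over one page of your own site. Phase 1 is represented by a hash lookup against a constructed signature list standing in for the VPS engine; phase 2 by a constructed domain classification table standing in for the WebFilter database. The site origin, the sample HTML, the hosted files and every domain in it are made up for the example, and the "one click away" links are approximated by extracting every URL the page would make a visitor fetch or click (anchors, scripts, iframes, images, stylesheets).

```python
"""Added example: a two-phase self-scan of a site's own page, modelled on the
phases described in the post. The HTML, the hash 'signature' list and the
domain classification table are all constructed stand-ins for the real
VPS engine and WebFilter classification database."""
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

SITE_ORIGIN = "https://www.example.com"  # hypothetical site being scanned

# Constructed stand-in for an AV engine: SHA-256 digests of known-bad payloads.
KNOWN_BAD_SHA256 = {
    hashlib.sha256(b"EICAR-STYLE-TEST-PAYLOAD").hexdigest(),
}

# Constructed stand-in for an online domain classification database.
DOMAIN_CATEGORY = {
    "cdn.partner-example.net": "business",
    "malware-example.test": "malware",
    "phish-example.test": "phishing",
    "adult-example.test": "adult",
    "news-example.test": "news",
}
MALICIOUS = {"malware", "phishing"}
UNWANTED = {"adult", "illegal", "hate"}


class LinkExtractor(HTMLParser):
    """Collect every URL the page would make a visitor fetch or click."""
    ATTRS = {"a": "href", "script": "src", "iframe": "src", "img": "src", "link": "href"}

    def __init__(self, base):
        super().__init__()
        self.base, self.urls = base, []

    def handle_starttag(self, tag, attrs):
        want = self.ATTRS.get(tag)
        for name, value in attrs:
            if name == want and value:
                self.urls.append(urljoin(self.base, value))  # resolve relative URLs


def extract_links(html, base=SITE_ORIGIN + "/"):
    parser = LinkExtractor(base)
    parser.feed(html)
    return parser.urls


def is_external(url, origin=SITE_ORIGIN):
    """True when the link leaves the scanned site's own host."""
    return urlsplit(url).netloc.lower() != urlsplit(origin).netloc.lower()


def scan_hosted_file(content: bytes):
    """Phase 1 stand-in: flag hosted content whose hash matches a signature."""
    digest = hashlib.sha256(content).hexdigest()
    return {"sha256": digest, "malicious": digest in KNOWN_BAD_SHA256}


def classify_external(url):
    """Phase 2 stand-in: look the link's domain up in the classification table."""
    host = urlsplit(url).netloc.lower()
    category = DOMAIN_CATEGORY.get(host, "unknown")
    if category in MALICIOUS:
        verdict = "malicious"
    elif category in UNWANTED:
        verdict = "unwanted"
    else:
        verdict = "ok"
    return {"url": url, "host": host, "category": category, "verdict": verdict}


def scan_page(html, hosted_files):
    """Run both phases over one page and return findings as issue records."""
    issues = []
    for path, content in hosted_files.items():
        result = scan_hosted_file(content)
        if result["malicious"]:
            issues.append({"type": "hosted-malware", "where": path, "sha256": result["sha256"]})
    for url in extract_links(html):
        if is_external(url):
            result = classify_external(url)
            if result["verdict"] != "ok":
                issues.append({"type": "external-link-" + result["verdict"],
                               "where": url, "category": result["category"]})
    return issues


# Constructed sample page and hosted files for the demonstration.
SAMPLE_HTML = """
<html><body>
<a href="/about.html">About</a>
<script src="https://cdn.partner-example.net/lib.js"></script>
<iframe src="http://malware-example.test/drop"></iframe>
<a href="https://news-example.test/story">news</a>
<a href="https://adult-example.test/">ad</a>
<a href="/downloads/setup.exe">Download</a>
</body></html>
"""
SAMPLE_FILES = {
    "/downloads/setup.exe": b"EICAR-STYLE-TEST-PAYLOAD",  # constructed "bad" file
    "/about.html": b"<html>about</html>",
}

if __name__ == "__main__":
    for issue in scan_page(SAMPLE_HTML, SAMPLE_FILES):
        print(issue)
```

Running it reports three findings for the sample page: the hosted download whose hash matches the signature list, the iframe pointing at the "malware" domain, and the anchor pointing at the "adult" domain; the partner CDN and the news site pass as expected. In a real deployment the two lookup functions would call an up-to-date AV engine and classification service rather than static tables, and each finding would be raised as an AppScan issue as the post describes.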
When something needs to be brought to your attention, a security issue is created in Rational AppScan so that you can benefit from the strength of Rational AppScan's results management capabilities, such as creating reports, saving and loading scans, and so forth.
You can read more about the Malware Scanner eXtension and download it from our eXtensions web site (you need to have AppScan installed to run it).