Thursday, June 19, 2008

Integrating domain reputation search into Firefox 3

This happens to me every day. I find a domain name somewhere, usually through my NSM work, and I wonder, "Is this domain known to be malicious?" Now, I don't personally know every domain on the Internet, but I've had some success using McAfee's SiteAdvisor. You feed it a domain name, and it'll tell you not only if it thinks it's suspicious, but also whether or not it offers any sort of downloads, what other sites it's most closely associated with, and what its users have to say about it (if anything).

Pretty good stuff, but I'm so lazy. Opening a new tab and typing in the SiteAdvisor URL is just sooo hard! So I decided to add it to my list of search plugins, so I can use the integrated search bar instead. Here's how to do it.

  1. Find your searchplugins directory. For a typical Unix system, this is ~/.mozilla/firefox/XXXXXXXX.default/searchplugins (where XXXXXXXX is a random string).
  2. Create a file in this directory called siteadvisor.xml with the contents below.
  3. Restart Firefox.


There you go! Three simple steps, and now "Siteadvisor" should be listed when you drop down the search menu.

<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/" 
xmlns:os="http://a9.com/-/spec/opensearch/1.1/">
<os:ShortName>Siteadvisor</os:ShortName>
<os:Description>Search McAffee Siteadvisor</os:Description>
<os:InputEncoding>UTF-8</os:InputEncoding>
<os:Url type="text/html"
method="GET" template="http://siteadvisor.com/lookup/?q={searchTerms}">
</os:Url>
</SearchPlugin>


Now, the question of the day: What other sites do you use to easily check a domain's reputation? Leave a comment and let us know!

7 comments:

Christopher said...

WOT (http://www.mywot.com) - Web Of Trust

They rely mostly on user-submitted data (through their Firefox plugin).

The search URL is as follows:

http://www.mywot.com/en/scorecard/{DOMAIN-NAME}

David Bianco said...

Christopher, it'd be pretty easy to clone the above search plugin to use WOT instead.

Actually, I hope to pull together a bunch of similar services into a meta-search engine. Given the spotty coverage each individual site seems to have, aggregation should be quite useful.
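
The three steps from the post, together with the WOT clone suggested in the comment above, as an added example that is not part of the original post or its comments. The function names, the generated Description text, and the use of {searchTerms} in place of WOT's {DOMAIN-NAME} placeholder are assumptions made for this sketch.

```python
import glob
import os
import xml.etree.ElementTree as ET

MOZ_NS = "http://www.mozilla.org/2006/browser/search/"
OS_NS = "http://a9.com/-/spec/opensearch/1.1/"

# Lookup URLs taken from the post and from the WOT comment. The WOT entry
# swaps its {DOMAIN-NAME} placeholder for {searchTerms} (an assumption here),
# which is the token Firefox replaces with the text typed in the search bar.
SERVICES = {
    "Siteadvisor": "http://siteadvisor.com/lookup/?q={searchTerms}",
    "WOT": "http://www.mywot.com/en/scorecard/{searchTerms}",
}


def build_plugin(short_name, template):
    """Return the search plugin XML for one lookup service as a string."""
    if "{searchTerms}" not in template:
        raise ValueError("template must contain {searchTerms}")
    ET.register_namespace("", MOZ_NS)    # default namespace, as in the post
    ET.register_namespace("os", OS_NS)
    root = ET.Element("{%s}SearchPlugin" % MOZ_NS)
    ET.SubElement(root, "{%s}ShortName" % OS_NS).text = short_name
    ET.SubElement(root, "{%s}Description" % OS_NS).text = "Search " + short_name
    ET.SubElement(root, "{%s}InputEncoding" % OS_NS).text = "UTF-8"
    ET.SubElement(root, "{%s}Url" % OS_NS,
                  {"type": "text/html", "method": "GET", "template": template})
    return ET.tostring(root, encoding="unicode")


def install_plugins(firefox_dir, services=SERVICES):
    """Write one <name>.xml per service into every profile's searchplugins dir."""
    written = []
    for profile in sorted(glob.glob(os.path.join(firefox_dir, "*.default"))):
        plugin_dir = os.path.join(profile, "searchplugins")
        os.makedirs(plugin_dir, exist_ok=True)
        for name, template in services.items():
            path = os.path.join(plugin_dir, name.lower() + ".xml")
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(build_plugin(name, template))
            written.append(path)
    return written


if __name__ == "__main__":
    for path in install_plugins(os.path.expanduser("~/.mozilla/firefox")):
        print("wrote", path)
```

Restart Firefox afterwards, as in step 3 of the post.
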

Gene said...

SmartFilter/SecureComputing provides this site to check as well.

http://www.trustedsource.org/en/feedback/url?action=checksingle

Gene said...

I don't have a pointer to a web tool or quick link on this, but I find the creation date of a domain to be useful in telling the rep of a site. It's not helpful for established names, but one really needs to question any domain that has been created in the last week.
Most of the malware/phishing/malicious sites don't exist for long either, so this is useful info.

Christopher R said...

In general, I use www.robtex.com for lookups. You can search RBL there as well (http://www.robtex.com/rbl/).

http://jaalcheck.com/ is also useful at times.

Martin said...

I find whois.domaintools.com to be the best overall site for general domain inquiries. It works for both IP addresses and domain names via whois.domaintools.com/example.com.

The thumbnails are very helpful as well as the text browser. Besides the standard registration info, it has SSL info, Alexa rank, summary, etc. It's not really designed for security use, but rather as a tool for domain registrars. That actually makes it really helpful because instead of a thumbs up/thumbs down, you get the nitty-gritty details, which I find far more helpful (especially when it's a new domain).