Hello everyone!

I've been real busy with my new job and I haven't been really participating in EH-Net lately, but that doesn't mean I don't come here and read the latest happenings. Today I would like to mention a cool tool for Windows that I use in my work almost everyday which really helps me explore malicious websites for my Incident Report. It's called 'Malzilla'.

As the authors puts it, Mazilla is a
Basically, Mazilla is a useful tool for analyzing websites containing malicious code. It allows you to request websites and retrieve its full source code, like wget, without visiting the site and potentially harming your computer. This program has the option to switch your user agent and choose your own referrer. It also has proxy capabilities, various decoders and most importantly what I really like about this tool, deobfuscation of javascript code, all in one application.

For Malware Incident Response, our security department required us to investigate the how, when, why, what, where of malware incidents. The majority of the incidents we see in our company is users visiting what appears to be innocuous websites containing embedded malicious obfuscated javacript code in order to exploit vulnerable computers. Before finding out about this tool, thanks to my colleague (Pedro), we'd use various tools and methods to investigate malicious sites which took some time to analyze. Thats where Mazilla comes in, using this tool really speed things up and it has made my job easier.

Mazilla can be downloaded here:

http://malzilla.sourceforge.net/

Make sure to check out the author's tutorial in this page and familiarize yourself with this tool.

Well, gotta go, I just wanted the EH-Net members to know about this cool tool.

Yeah, it's a cool tool.

There's more stuff that this tool can do that I forgot to mention, for instance, it shows you the http headers , it can gather all the links and iframes of such website, cookies and etc. Like it a lot.

Hey Bobby,
  Thanks for stopping by. Looks like a nice project. I will play around with it and get back to you.

Bobby,

First of all, welcome to the club. Thanks for a wonderful tool.

Anyways, at the mean time I have one suggestions and a bug:

- It would be wonderful to have the user and pass for the proxy settings to be hidden. You could make this an option.

Bug:

- Not sure if its a bug, but when I have Malzilla running, the copy and paste functionality in Windows gets funky, for example, when I want to copy a content from the web browser and try to paste it in notepad, it sometimes won't work. I have to close Malzilla in order to have it function properly. I'm pretty sure it has to do with Malzilla's Clipboard Monitor feature.

Once again thanks and I'm looking forward to your new release.

@all
Thanks for the warm welcome

@blackazarro
Indeed, Clipboard Monitor is messing the things around. I know about this issue.
At the moment I'm thinking to remove this "feature", but I need some feedback about it - is someone using Clipboard monitor at all?

If I do not clear the clipboard after some content is received - that will also mess the things up. If I do (like it is now) - you already know whats happening.


About hiding the user and password in proxy settings - it can be done.
It is just so that I didn't think that someone will use Malzilla at places where this needs to be hidden.

I use the Clipboard monitor on some forums/boards where pretty big lists of malware links are posted, and the links are mostly scrambled by turning "http" into "hxxp" or similar (precaution to not have clickable link).
As no download manager detects these, I use Malzilla to catch them from clipboard. I save the list then and download the content either from Malzilla or from some other download manager.

Thats the lazy way to do this.
One can always copy/paste these lists to any text editor and search/replace the hxxt with http, and then use such list in download manager or where he needs it.

Bobby, I'll definitely appreciate the extra option and not save this data into setting.ini.

Uploaded new snapshot:
http://sourceforge.net/project/showfiles.php?group_id=203466&package_id=242804

Please test and report suggestions/bugs

regards
bobby