A new way to study malware

Barracuda Networks, Inc., a provider of cloud-connected security and storage solutions, has launched Threatglass, an online tool for sharing, browsing and analyzing web-based malware. Threatglass allows users to graphically browse website infections by viewing screenshots of the stages of infection, as well as by analyzing network characteristics such as host relationships and packet captures.

“‘Good sites gone bad’ is a daily problem for popular websites targeted by attackers and used to serve malware to their unsuspecting visitors,” said Jeff Hurmuses, VP, APAC for Barracuda Networks. “Threatglass was designed for both casual users and the research community to provide a way to document and better understand this ongoing problem.”

Threatglass was built as a frontend for a large-scale, automated system that leverages heavyweight virtualization to detect web-based malware in a vulnerability- and exploit-independent manner. The platform analyzes millions of websites each week. Websites for inspection are sourced from multiple data feeds, including the Alexa top 25,000 websites, social feeds and suspicious websites from Barracuda’s customer network, which consists of more than 150,000 organizations worldwide. In addition to screen captures of the infections, Threatglass displays various representations of network traffic, including DNS, HTTP, and netflow, in both graphical and textual formats. The system has cataloged approximately 10,000 live web-based malware attacks and adds new ones each day.

Barracuda Labs’ malware detection engines have discovered numerous infections in high-profile websites. In the last few months, Barracuda Labs published those findings for Cracked.com, Php.net and Hasbro.com. Those examples and thousands of other infected websites are now visible through Threatglass.

With Threatglass, users can casually browse website infections in a Pinterest-like graphical representation and view charting and trending data of historical malware volumes. It also allows users to examine relationships between various components of an attacker ring.

Threatglass also allows users to share data with other researchers; review easily parsed breakout data as well as source data; and submit websites for inspection and analysis.