An interesting tool for both regular users and security professionals

Mar 18, 2014 13:29 GMT

Barracuda Networks has launched Threatglass, a new tool that’s designed for sharing, browsing and analyzing web-based threats. Users can rely on Threatglass to analyze various aspects of a website infection, including the stages of infection and network characteristics. 

“‘Good sites gone bad’ is a daily problem for popular websites targeted by attackers and used to serve malware to their unsuspecting visitors. Threatglass was designed for both casual users and the research community to provide a way to document and better understand this ongoing problem,” said Dr. Paul Judge, chief research officer and VP at Barracuda.

Threatglass backend

The system is designed to automatically detect web-based malware in websites sourced from various places, including Alexa, social feeds and suspicious sites flagged by Barracuda’s customers.

Threatglass’ “engine” simply visits websites from thousands of virtual machines to see how the targeted pages impact the browser, plugins and the operating system. Millions of websites are analyzed each week.

The system that powers Threatglass has been used internally by Barracuda Labs for years. So far, close to 10,000 live web-based malware infections have been accumulated by the tool.

Threatglass frontend

The frontend of Threatglass looks sort of like Pinterest. Users can browse website infections dating back to September 2011.

They can view graphs for historical trends and other data. In addition to a screenshot showing what the browser looks like when a certain website is visited, the tool also provides detailed information about what’s happening in the background.

Is something downloaded? Is an email sent? What’s the number of domains and objects requested? These are all questions that Threatglass can answer.

The network packet capture recorded while the site is visited can be downloaded for free. This information can be highly valuable for security researchers.

“With various representations of network traffic including DNS, HTTP, and netflow in both graphical and textual formats displayed to users, we believe that this tool can greatly help casual users to know which websites had been infected, explore how infected websites could damage their browsers and computers, and understand the trending volumes and impacts of malicious websites on the Internet,” Barracuda Labs noted.

“For more advanced users in the security community, the data packets provided on Threatglass are useful to perform deeper investigation, such as correlating the downloaded binary to recent CVEs to identify a botnet, and so forth. Additionally, researchers can search the infected IPs in Threatglass to cross-examine their own malicious data.”

Check out Threatglass and tell us what you think.