A user-friendly tool that can be utilized both by experts and by security enthusiasts

Jan 27, 2012 15:22 GMT

Zscaler, the leading security solutions provider, released a great free tool that allows even inexperienced users to assess the risks that may hide behind an apparently harmless URL.

The project is called Zulu, a name inspired by the ancient Zulu warriors, who were represented by a citizens' army. It is a completely free service launched with the purpose of allowing users to experiment with new, more advanced detection techniques.

The user interface was designed to be simple, but at the same time to provide sufficient information for even the more security-savvy customers.

All the user needs to do is input the URL to be scanned and press a button. After that, the company’s advanced detection engines work to establish the overall ranking: Benign, Suspicious or Malicious.

For more advanced users, the application offers the possibility to set some advanced options, such as User Agent or Referrer, for cases where the malware is triggered only with certain input variables.

The results may be simple to read, but they also contain some details of elements that compose the overall score, for users who know what to look for.

So how does Zulu work?

First, the page content is scanned for traces of potentially malicious code, using the proprietary Zscaler algorithms, heuristic tests and public sources. Then, the URL itself is tested against known malicious patterns and public black and white lists.

Finally, the host’s reputation is verified based on its IP address, geographical location and Autonomous System Number (ASN), along with suspicious behaviors it may display.

“With Zulu, we sought to combine our own proprietary scanning techniques, with the great open source intel that is available, to provide a broad view of the overall risk posed by virtually any web resource,” said Michael Sutton, vice president of security research at Zscaler.

“We also look not just at a specific aspect of the resource, but instead, separately focus on determining risk for the content, URL and host separately, which is then combined into an overall risk score.”