|
LinkScanner Pro Threat Evaluation and Methodology
LinkScanner Pro uses rigorous methodology for inspecting web pages before communicating the safety to you. As you surf the Internet each link you click and page you visit is instantaneously put through this patent-pending, multi-step analysis.
The process begins with an immediate look-up of the web site in Exploit Prevention Labs known blocked list. It answers the question “Is this site/page already known to be malicious?”. Many other “safe surfing” products simply stop here. Their intelligence is limited to what they have already detected.
If the site is not already known to be bad, LinkScanner Pro evaluates it on a variety of “paper trail” factors. This criteria includes, but is not limited to,
- Is the web site owner hiding their identity?
- Is the url suspicious or spoofing a legitimate site?
- Other factors involving the domain name, its registration, IP address and url structure that contribute to identifying fraudulent web sites.
The web site in question can suffer from one or more of these factors and thus contribute to LinkScanner Pro's rating. This combination of factors leads to the most accurate assessment of a site's safety.
Lastly, and arguably most important, LinkScanner Pro inspects the page for actual software exploits, connections to exploit servers, zero-day attacks and other security breaches. At this moment, when all the content of the page is assembled, it can be scanned most accurately. Should LinkScanner Pro detect malicious content or an attack, the Internet stream is broken and the content is not allowed into the computer.
Without this analysis, there is no way to know truly what code is attempting to enter your computer. Other safe surfing solutions that rely too heavily on database lookups or centralized crawling of portions of the Internet are instantly out-of-date or simply cannot provide advice and block threats.
With the total number of web sites exceeding 100 million, and with new sites appearing so rapidly, it is impossible to scan each and maintain timely reports. In fact, most phishing and spoofed web sites come and go so quickly, web crawling solutions will not detect them fast enough should you unwittingly arrive there.
After completing this analysis, LinkScanner Pro communicates the final rating for that page or site. There are four possible ratings: Safe, Questionable, Risky, Dangerous. Click here for details on these ratings. This rating system is subject to change as new threats emerge so check back anytime you have a question about a rating. The variety of theats that LinkScanner Pro will report are shown in the following table. These Threat Classifications and descriptions are also subject to change as threats evolve and become more targeted, sophisticated.
Threat
Classification |
Threat Explanation |
| Not necessarily exploitive. | | | Known Exploitive Server | XPL's Intelligence Network has identified this server as serving nothing but malicious exploits. XPL recommends not visiting this web site regardless if your computer is fully patched. | | Exploit | XPL's Intelligence Network has detected an exploit.
An exploit is a piece of malware code that takes advantage of a vulnerability in a software application, usually the operating system or a web browser to infect a computer. Exploits usually target a computer by means of a drive-by download – the user has no idea that a download has even taken place. XPL recommends not visiting this web site regardless if your computer has been patched for the vulnerability.
| | Known or Suspected Phishing Page | XPL's Intelligence Network has identified this page as a suspected or known phishing page. Phishing pages falsely represent themselves, as a bank or other trusted institution, to fool unsuspecting visitors into typing private and secure information. This information is then used by the criminals to steal your identity, finances or other malicious reasons. XPL recommends avoiding this web site. | | Known Social Engineering Page | XPL's Intelligence Network has identified this page as a Social Engineering Page. Social Engineering pages attempt to trick you into performing an action you would not knowingly do. For example, convince you to install a video plug-in in order to watch a video - when in reality you are installing a piece of spyware. Phishing pages are a specific form of Social Engineering. XPL recommends avoiding this web site and remaining cautious when interacting with any web site. | | Known Crack Server | XPL's Intelligence Network has identified this server as being a so-called 'Crack Server'. Crack Servers are servers that offer up tools and technologies that enable others to hack or crack into legitimate servers. Crack servers occasionally also serve up exploits. XPL recommends avoiding this web site. | | Known Malicious Internet Service Provider | XPL's Intelligence Network has identified this server as belonging to a known malicious Internet Service Provider. It is likely that all servers belonging to this ISP are dangerous or should be considered suspicious. XPL recommends avoiding this web site. | | Ad server known to pass crimeware through ads | XPL's Intelligence Network has identified this server as having distributed malicious code in the past via advertising banners. The owner of this advertising server may or may not be responsible or know this occurred. XPL recommends not visiting this web site due to its connection with the dangerous advertising server. | | Suspicious server ownership data | This site is missing or has suspicious key ownership information. Simply visiting the web site does not constitute a security threat. However, XPL recommends using caution when interacting with this web site and its content (downloads, web forms) as well as carefully choosing what personal information, if any, you share with the owner. | | Error in reporting | There was an error in reporting the Risk Category. No additional information available |
|
