Using browser history to detect a potential malware infection

15 October 2019
Browser History Examiner (BHE) can detect whether a user has visited any known malicious URLs, that is, specific web pages that are known to be serving malware to their visitors, either currently or in the past.

BHE integrates with the URLhaus Database, which at the time of writing contains over 236,000 malicious URLs, with more added every day. Daily updates of the malware URL database are provided to BHE.

In BHE v1.13 the URL category filter is now available directly from the Filter menu:



Clicking on the Malware menu option will trigger a search for known malicious URLs. A summary of the search is presented, allowing you to easily see whether any records within the browser history have been flagged as malicious URLs.



Clicking 'Apply Filter' will allow you to view the individual records found during the search.



Further details regarding the malicious URL can be viewed on the URLhaus website by visiting https://urlhaus.abuse.ch/browse and searching for the URL. The details page provides information such as the URL status (Online/Offline):



In combination with the remote capture feature within BHE, investigators and administrators alike can quickly and easily target and review web browser history for potential risk of a malware infection.

This ability provides fast identification of systems that may have been compromised and so form entry points for malware into your organisation’s network. This information can prove invaluable in achieving an efficient and effective response to network breach incidents as they unfold.
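The kind of check described above can be sketched as follows. This is an added Python example, not BHE's code or a description of how BHE implements the feature. It assumes a Chrome-style `urls` table (reduced here to three columns) and a URLhaus-style CSV export with the column layout noted in the comments; the feed rows, history rows and all function names are constructed for illustration.

```python
import csv, io, sqlite3
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, urlunsplit

# Constructed sample feed. Assumed layout: '#' header lines, then quoted CSV
# with the URL in column 3, its status in column 4 and the threat in column 6.
SAMPLE_FEED = '''# id,dateadded,url,url_status,last_online,threat
"1","2019-10-01 08:00:00","http://Bad.example/payload.exe","online","2019-10-14","malware_download"
"2","2019-10-02 09:30:00","http://old.example/doc.php","offline","2019-10-03","malware_download"
'''
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def normalize(url):
    """Lower-case scheme and host and drop the fragment; path and query stay exact."""
    p = urlsplit(url.strip())
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path, p.query, ""))

def load_feed(csv_text):
    """Map each normalized feed URL to its status and threat type."""
    lines = (l for l in io.StringIO(csv_text) if not l.startswith("#"))
    return {normalize(r[2]): {"status": r[3], "threat": r[5]}
            for r in csv.reader(lines) if len(r) > 5}

def webkit_to_utc(microseconds):
    """Chrome stores visit times as microseconds since 1601-01-01 UTC."""
    return WEBKIT_EPOCH + timedelta(microseconds=microseconds)

def flag_history(conn, feed):
    """Return history rows whose URL is in the feed, most recent visit first."""
    hits = []
    for url, visits, last in conn.execute(
            "SELECT url, visit_count, last_visit_time FROM urls"):
        entry = feed.get(normalize(url))
        if entry:
            hits.append({"url": url, "visits": visits,
                         "last_visit": webkit_to_utc(last).isoformat(), **entry})
    return sorted(hits, key=lambda h: h["last_visit"], reverse=True)

def sample_history():
    """Constructed in-memory stand-in for a working copy of Chrome's History file."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE urls (url TEXT, visit_count INTEGER, last_visit_time INTEGER)")
    conn.executemany("INSERT INTO urls VALUES (?, ?, ?)", [
        ("https://news.example/", 12, 13215600000000000),
        ("http://bad.example/payload.exe#x", 1, 13215603600000000),
        ("http://old.example/doc.php", 2, 13215000000000000)])
    return conn

if __name__ == "__main__":
    for hit in flag_history(sample_history(), load_feed(SAMPLE_FEED)):
        print(hit)
```

When pointing this at a real profile, query a copy of the History file rather than the live one, since the browser keeps the database locked while it is running.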
