Posts Tagged ‘IPs’

Site reputation and the Russian Business Network

Wednesday, October 17th, 2007

[Note: Thanks to Satnam Narang, a security researcher in 8e6 Labs, for helping out with this post.]

Security software vendors are embracing the concept of site reputation. This is the idea that what a site or host has done in the past should be used to decide whether or not you can trust that site in the future.

Everybody is building the concept into new or existing products and services. McAfee has SiteAdvisor for end-point security, and Secure Computing has TrustedSource for spam mail detection. I just talked to a small company called RobotGenius that's taking an interesting approach to site reputation, based on its own heuristic analysis of the executables that can be downloaded from a site. We here at 8e6 recently introduced the Bad Reputation Domain category into our web filter to achieve a similar objective.

There are myriad sources of data that can feed a reputation decision. Are the executables hosted on a site malicious? Does the HTML contain hidden iframes (which are generally used for malicious purposes) or does the JavaScript attempt to exploit known vulnerabilities? Does the site’s list of links in or links out include other sites with bad reputations?
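As an added illustration (not code from the original post or from any 8e6 product), the sketch below pulls two of the signals named above out of a page: hidden iframes, and links out to hosts that already carry a bad reputation. The sample HTML, the `.example` hostnames, the bad-host set and the "hidden" heuristics (zero or one pixel size, `display:none`, `visibility:hidden`) are all constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed data: a stand-in for a real reputation feed.
BAD_REPUTATION_HOSTS = {"malware-drop.example"}

# Constructed sample page, embedded so the example runs offline.
SAMPLE_PAGE = """
<html><body>
<iframe src="http://malware-drop.example/x" width="0" height="0"></iframe>
<iframe src="http://video.example/embed" width="640" height="360"></iframe>
<iframe src="http://ads.example/f" style="display: none"></iframe>
<a href="http://MALWARE-DROP.example/setup.exe">Download</a>
<a href="/about.html">About</a>
</body></html>
"""

# Assumed heuristics for "hidden": CSS hiding or a 0/1 pixel dimension.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY = {"0", "1", "0px", "1px"}


class SignalExtractor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hidden_iframes = []   # src of every iframe that looks hidden
        self.bad_links = []        # URLs pointing at bad-reputation hosts

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}   # valueless attrs arrive as None
        if tag == "iframe":
            tiny = a.get("width", "").strip() in TINY or a.get("height", "").strip() in TINY
            if tiny or HIDDEN_STYLE.search(a.get("style", "")):
                self.hidden_iframes.append(a.get("src", ""))
        if tag in ("a", "iframe"):
            url = a.get("href") or a.get("src") or ""
            host = urlparse(url).hostname or ""   # hostname is lower-cased; None if relative
            if host in BAD_REPUTATION_HOSTS:
                self.bad_links.append(url)


def extract_signals(html):
    """Return the reputation signals found in one HTML document."""
    parser = SignalExtractor()
    parser.feed(html)
    parser.close()
    return {"hidden_iframes": parser.hidden_iframes,
            "bad_reputation_links": parser.bad_links}


if __name__ == "__main__":
    print(extract_signals(SAMPLE_PAGE))
```

This inspects static markup only, so iframes injected by script at load time would need a rendered DOM to be seen.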
