Malzilla Review: An Advanced Malware Hunting Tool

written by: Mark Muller, edited by: Bill Bunter, updated: 6/12/2011

Malzilla is a malware hunting tool that helps in analyzing rogue web sites and drive-by downloads. Here's what you need to know about it, including Malzilla's decoding and deobfuscation features, which let you examine the full source code of a malicious web site, including its JavaScript.

What is Malzilla?

Malzilla, by Boban Spasic, is a piece of software (a malware hunting tool) for analyzing malicious websites, including the techniques and scripts they use. Malzilla is not a web browser but emulates web browsing: it downloads a web site's code so that drive-by downloads can be examined in a safe environment using decoding and deobfuscation.

System Requirements, Download & Installation

Malzilla has been designed for 32-bit Windows operating systems. I had no issues running it on Windows Vista and Windows 7 based test systems.

The most difficult part of the install is choosing the right download: visiting the Malzilla homepage on sourceforge.net defaults to InnoBF.zip, which is a brute force password cracker. To get the Malzilla application under consideration, click View all Files and then select malzilla_1.2.0.zip.

Malzilla runs without installation; just click the Malzilla.exe executable in the extracted folder, which is only about 4 MB in size.

Interface, Help & Support

When you start Malzilla for the first time you will see a proprietary interface. Unless you are a hard-core malware analyst you will likely be overwhelmed by the software's complexity and dash for the manual. Unfortunately, the amount of information provided by Malzilla.pdf is very limited. Along the same lines, Malzilla's online help and its associated Open Discussion forum have only about ten posts in total.

I doubt that the lack of instruction can be compensated for by the option to open a support request ticket. Most of our readers will probably close and forget about Malzilla at this stage, and I can really understand them. Unless you are very interested in malicious web page analysis, this software definitely isn't for you.

Features & Performance

When "browsing" web sites using Malzilla you can specify whether you want to be recognized as Firefox, Internet Explorer or another user agent, in order to study the mechanisms malicious websites employ to infect their visitors with drive-by downloads. To help trick the web site you can define and mimic any referrer, that is, the information about which web site you are coming from.

Malzilla shows you the entire source code of a website, including full HTTP header information. Moreover, it lets you decode and deobfuscate JavaScript, which, for instance, can be very helpful for analyzing websites that sell fake software such as performance optimizers and antivirus programs by means of rogue system messages.

The malware hunting tool works with proxies. However, as most proxies have difficulty processing advanced scripts and/or modify HTTP header information, you may want to use Malzilla without a proxy unless you have good reason.

Price to Value

Malzilla is open source and completely free.

The Bottom Line

Malzilla is helpful for malware analysts, IT experts and students in higher education who are interested in web page and JavaScript deobfuscation. As a best practice, use an isolated test system that holds no real data when analyzing malicious websites. This is a general safety measure not restricted to the Malzilla malware hunting tool.

References

Screenshots taken by the author

Author's own experience