Malicious bots sometimes connect to Ghost Sites. Actually, Ghost Sites do not look user friendly and the GUI (Graphical User Interface) is underdeveloped. But how can Ghost Sites technically be identified WITHOUT visiting them? The problem is that by visiting you get infected.
Is there an ironclad approach to testing a Ghost Site for malicious content before visiting? Running a browser in a sandbox and on a hypervisor would come after the test.
Please help us. Thank you!
Virtual machines should work fine, unless the malicious code identifies that it is running in a VM and shuts down. Old boxes could be useful for this with a ghost image for easy "revert to snapshot" capability; that way it is running on genuine hardware and won't trigger a VM trap. It's more common to run stuff in virtual machines, so this is probably less relevant in the future.
You could also use a regular reputation service or a list with bad domains and do comparisons. A passive IDS could probably also identify different exploitation types.
I'd use a custom browser with scripting disabled, then do probes using code and check the retrieved document for script includes and ActiveX / HTML5 bugs, but that requires programming skills.
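The static check described in the answer above, as an added example that is not part of the original post: it parses an already retrieved document without executing anything, lists script includes, inline scripts, frames and ActiveX objects, and compares each referenced host against a bad-domain list. The names `audit`, `ActiveContentAudit` and `BAD_DOMAINS`, the sample HTML and all domains are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed blocklist standing in for a reputation feed (assumption).
BAD_DOMAINS = {"bad-cdn.example"}

# Constructed sample of a retrieved document; nothing is fetched or executed.
SAMPLE_HTML = """<html><head>
<script src="//bad-cdn.example/x.js"></script>
<script src="/static/app.js"></script>
<script>var a = 1;</script></head><body>
<object classid="clsid:00000000-0000-0000-0000-000000000000"></object>
<iframe src="http://files.bad-cdn.example/f.html" width="0" height="0"></iframe>
</body></html>"""

class ActiveContentAudit(HTMLParser):
    """Collects script includes, inline scripts, frames and ActiveX objects."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.findings = []  # (kind, detail) tuples in document order

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script" and a.get("src"):
            self._url("script-include", a["src"])
        elif tag == "script":
            self.findings.append(("inline-script", ""))
        elif tag in ("iframe", "embed") and a.get("src"):
            self._url(tag, a["src"])
        elif tag == "object" and a.get("classid", "").lower().startswith("clsid:"):
            self.findings.append(("activex", a["classid"]))
        elif tag == "object" and a.get("data"):
            self._url("object", a["data"])

    def _url(self, kind, ref):
        url = urljoin(self.base_url, ref)  # resolve relative and // references
        host = (urlparse(url).hostname or "").lower()
        self.findings.append((kind, url))
        # Flag the host itself or any parent domain found on the blocklist.
        parts = host.split(".")
        if any(".".join(parts[i:]) in BAD_DOMAINS for i in range(len(parts))):
            self.findings.append(("blocklisted-host", host))

def audit(html_text, base_url):
    parser = ActiveContentAudit(base_url)
    parser.feed(html_text)
    return parser.findings
```

Calling `audit(SAMPLE_HTML, "http://site.example/")` returns the findings in document order; only what is present in the static markup is reported, so content that a script would add at run time is not seen by this check.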
Thank you for your help!