It's been a while since I started writing a first prototype to try to catch as much malware (URLs and samples) as possible. Today I can say my project is all grown up as it's generating, daily, a feed with around 9.000 malware URLs and with a low rate of false positives (although there may be some).
The process of finding malware URLs in my tool used to be only a matter of finding suspicious URLs in social networks (Twitter and Identi.ca), checking mail accounts receiving loads of bad stuff and nothing else. At first. Today I'm using crawlers, honeypots, sandboxes, third-party public URL feeds, private URL feeds (provided under consent), executable unpackers, heuristic engines for Flash movies, PDFs, OLE2 documents, etc... It changed a lot and became a big project that, I hope, can give useful information for malware researchers.
As of today, the final result the general public can see is just a single plain text file that can be used with AdBlock, with all the URLs of the last week (you can grab the latest version of the feed in this link). However, in some weeks (perhaps months) we plan (a friend of mine and I) to add a web page and publish an API to let users do, at least, the following actions:
Check URLs
Find URLs or domains
Find how a malware appeared/spread
Find similar malwares during a given time frame
Set up notifications for known malwares reappearing
Set up notifications for similar malwares
Set up notifications for similar URL patterns
etc...
Read more: http://joxeankoret.com/blog/2013/01/26/malware-urls/