A lot of not-so-net-savvy kids are searching for Friv to play games (http://www.google.com/trends?q=friv) but as Friv.com isn't indexed by Google (it is by Bing, Yahoo...?) they get links to malware. I quickly found these two links - the first on page 1, the second on page 2. Just first "-" in URL to check them. Please look into this Google!
The Beladen mass compromise which we've been tracking at Websense is the final landing page after legit sites have been infected. The injected code first redirects users to googleanalytlcs.net (on the top 10) and then to a final landing page such as Beladen.
We expect beladen.net to be one of many sites to be used in this attack.
Attackers have already switched from sending users from googleanlytlcs.net to beladen.net to googleanalytlcs.net to shkarkimi.net
Why bother blocking just 10 sites? Block them all or maybe the top 100 or so. At least by blocking 100 you are blocking a bigger majority of malware out there than just 10.
Unfortunately, you cause software to block an entire root domain when just one subdomain, such as www.*.com has been hacked. This is unacceptable and unecessary because it can lead to loss of millions of dollars for just one server being hacked (which shouldn't happen, but does on occasion). Furthermore, your review process takes too long. It should be instantaneous. You should be more targeted in your reporting of malicious sites, and have an instantaneous review process.
@Brian: If having your site flagged as unsafe by Google can lead to you losing "millions of dollars", you're in the wrong business and crying on the wrong shoulder. No site in the world makes millions of dollars a day from search traffic, not even the almighty Google.
One would also argue that if you had that sort of income stream, security would be a bigger responsibility for you, and ideally you'd find out about the breach before Google does. Or are you the type of businessman who cries to the government when the reality of your ineptitude tampers with your bottom line ?
what a nice and the best kinds of the games platforms that’s why the most of the gamer are there to play and also to enjoy it the biggest kinds of the Friv games.
17 comments :
Looks like many are from China.
And also, one of them look to have tried to use Google Analytics (phishing).
hongjun
Gumblar.cn was added to the Google Safe Browsing list on 4/27?
Would this also handle the obfuscated code?
A lot of not-so-net-savvy kids are searching for Friv to play games (http://www.google.com/trends?q=friv) but as Friv.com isn't indexed by Google (it is by Bing, Yahoo...?) they get links to malware. I quickly found these two links - the first on page 1, the second on page 2. Just first "-" in URL to check them. Please look into this Google!
m-ops.optus.nu/cheatscoce/guthef.html
i-bigpak.altervista.org/tyson-da46/ocrezderr.html
The Beladen mass compromise which we've been tracking at Websense is the final landing page after legit sites have been infected. The injected code first redirects users to googleanalytlcs.net (on the top 10) and then to a final landing page such as Beladen.
We expect beladen.net to be one of many sites to be used in this attack.
Attackers have already switched from sending users from googleanlytlcs.net to beladen.net to googleanalytlcs.net to shkarkimi.net
http://securitylabs.websense.com/content/Alerts/3412.aspx
Thank you for this very interesting information! A pity that the Internet also has the negative side! Many greetings, heinka
If you were to publish a regularly updated service for top X Malware destinations, I would be most happy :)
Why bother blocking just 10 sites? Block them all or maybe the top 100 or so. At least by blocking 100 you are blocking a bigger majority of malware out there than just 10.
If you want a long list, just download the free blacklist at http://urlblacklist.com/?sec=download
Unfortunately, you cause software to block an entire root domain when just one subdomain, such as www.*.com has been hacked. This is unacceptable and unecessary because it can lead to loss of millions of dollars for just one server being hacked (which shouldn't happen, but does on occasion). Furthermore, your review process takes too long. It should be instantaneous. You should be more targeted in your reporting of malicious sites, and have an instantaneous review process.
@Brian: If having your site flagged as unsafe by Google can lead to you losing "millions of dollars", you're in the wrong business and crying on the wrong shoulder. No site in the world makes millions of dollars a day from search traffic, not even the almighty Google.
One would also argue that if you had that sort of income stream, security would be a bigger responsibility for you, and ideally you'd find out about the breach before Google does. Or are you the type of businessman who cries to the government when the reality of your ineptitude tampers with your bottom line ?
New on the list: http://x9p.ru:8080/ts/in.cgi?pepsi118
My host provider give me a solution, then a link to Slashdot article.
Te article Head Title is: R.I.P FTP.
Crazy as a Life!
What about pepsi in the url.
Crazy
How ca anyone do this? Its wrong and a disgrace.
what a nice and the best kinds of the games platforms that’s why the most of the gamer are there to play and also to enjoy it the biggest kinds of the Friv games.
Thank you for share this is such a very nice post i really like it your blog.
Security Audit
Post a Comment