I wanted to circle back and close the loop from my original post on this. First- not surprisingly I’m not the only one to have taken note at malicious sites landing in Alexa (reference sucuri.net blog).
I wrote some scripts to check a number of the domains listed in the Alexa top 1 million against Google SafeBrowsing (GSB), SURBL, and to cross-reference with MalwareDomainsList (MDL). In the previous post, I mentioned a few of my findings related to GSB and SURBL lookups – particularly FakeAV. Additionally, a number of the sites listed included porn sites that were listed in SURBL due to their advertisements within spam links. Snippet of some of the results.
While the GSB and SURBL lookups for 1 million sites aren’t very quick repeatable processes, it is a fairly quick process to do the cross-reference with the MDL (MDL list here). The results from today’s Alexa and MDL intersection include 87 sites. However, several of the listed sites are overly aggressive listings on MDL’s part- for example: hotfile.com, rapidshare.com, and stashbox.org are free file hosting services that are listed. Free file hosting services are frequently abused to store malware- however, the sites themselves are legitimate and should not be blocked at the domain level.
Some of the more interesting sites listed, include:
- bulletproof-web.com – as the name suggests, it’s a bullet-proof hosting provider
- bloggoogle.info, domaingoogle.info, hostinggoogle.info, datagoogle.info, businessgoogle.info – NeoSploit exploit kit (reference example)
- gdfgdfgdgdfgdfg.in.ua – FakeAV drive-by redirect related to Twitter spam campaign (reference example)
- protect-pc-2011.co.cc, multy-protect.co.cc, fastperot.co.cc – TDSS rootkit / FakeAV
Seeing these Alexa results further illustrates the threat of FakeAV and the recent come-back of NeoSploit in 2011 that others have highlighted with the release of its version 4 (reference example).
Related Posts
- Alexa Illustrates Web Security Risks (part 1)
I recently needed to look at some Alexa data related to their tracking of the top web domains visited for a side project that I was working on.During my investigation of their data, I found it interes... - Cyber Crooks All Set to Crash the British Royal Wedding
As we have seen with many major events in the past, news of the British Royal Wedding is currently being used by cyber criminals to bolster their spam campaigns and push rogue antivirus software throu... - Top tips for Mac OS X security – Part 3
In the third and final part of my series on OS X security I will cover system security. If you missed out previous articles, check out part one on hardware security and part two which covers user secu... - Lorex Wireless Camera Security System Review by Chris Pirillo (Part 2)
CSA DISCLAIMER: This video taken from YouTube. As well as any other video found on this site is not hosted here, it just embedded, and it taken randomly by our system from video hosting services lik... - Top tips for Mac OS X security – Part 2
In the first part of this series I covered OS X tips related to physical security, in part two I will focus on the user.
These simple steps are things every Mac user should do. They provide a large i... - The great smartphone debate: take part and win a Naked Security t-shirt
Smartphones, such as iPhones, Androids and BlackBerrys, are a hot topic right now. Most of us have one, or we are desperate to get our hands on a newer, snazzier model.
On the street, you can spot a ... - Top tips for Mac OS X security – Part 1
This article is the first part of a three part series on Mac OS X security tips. As the additional articles are posted, we will update this post with links to the others.
I am certainly not the first... - F-secure internet security 2010 part 1
CSA DISCLAIMER: This video taken from YouTube. As well as any other video found on this site is not hosted here, it just embedded, and it taken randomly by our system from video hosting services lik... - The Phones Show 92 (Nokia 5730, Security part 2)
CSA DISCLAIMER: This video taken from YouTube. As well as any other video found on this site is not hosted here, it just embedded, and it taken randomly by our system from video hosting services lik... - Top 10 Cloud Security Risks
Like any model of IT services, the cloud introduces several security challenges specific to this paradigm of computing.
Below are my top 10 cloud-specific risks that customers should understand and a...
Posted on 08 February 2011. Tags: Alexa, Illustrates, Part, Risks, Security
While the GSB and SURBL lookups for 1 million sites aren’t very quick repeatable processes, it is a fairly quick process to do the cross-reference with the MDL (MDL list here). The results from today’s Alexa and MDL intersection include 87 sites. However, several of the listed sites are overly aggressive listings on MDL’s part- for example: hotfile.com, rapidshare.com, and stashbox.org are free file hosting services that are listed. Free file hosting services are frequently abused to store malware- however, the sites themselves are legitimate and should not be blocked at the domain level.
