Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Alert: please treat these domains with extreme caution

January 2nd 2010 in Uncategorized

Originally spotted via this blog entry (you’ll see SpywareSucks cited in the comments).

Putting aside the fact that the author of the blog is completely wrong to claim that Google was blocking biggovernment.com because of “bad publicity”, we can be grateful that the author has brought some malvertizing domains to our attention.

Ironically, redstate.com has been having problems with malicious content itself.

If you look at the screenshot of the Google Chrome alert posted at redstate.com, you will see that biggovernment.com was being blocked not because of any “bad publicity”, but because Google detected that biggovernment.com was serving content from statsistat.com – and yes, statsistat.com is definitely bad news.


Let’s try to answer a few of the gentleman’s questions:

Why would Google be marking BigGovernment.com as a page that has malware on it?

Because content from statsistats.com was detected.

I have never before received this warning from Google when going to BigGovernment. I suppose it is possible that BigGovernment did have malicious code on it. Of course, I would then also have to believe that in the following two hours BigGovernment isolated the malicious code and removed the code. Why?

biggovernment.com may not have detected or cleaned up anything at all.  It may be that the malicious code only appears once per IP address (or once per computer if browser/flash cookies are being used to control behaviour), which is a very common trick the bad guys use to make it difficult to prove that malicious content exists, or existed.  It may be that the malicious code only appears if the correct referrer is detected (another very common trick).

Well, how else would Google Chrome now be allowing you to go to BigGovernment.com without a warning?

Because the malicious code is no longer being detected.  See above.

Is their product malfunctioning?

No. See above.

Also, Safari uses the same system as Chrome for detecting malicious sites, why didn’t Safari give the same warning when I attempted to use it?

See above.
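The answers above explain why a repeat visit can look clean even though nothing was cleaned up. As an added example (not part of the original post), this is one way a site operator could check for that behaviour: capture the same page under different visit conditions and list the third-party hosts that appear in only some of the captures. The hostnames, capture labels and HTML below are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class ResourceHosts(HTMLParser):
    """Collect hosts of resources loaded from outside the page's own host."""
    TAGS = {"script", "iframe", "embed", "img"}

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        if tag in self.TAGS:
            src = dict(attrs).get("src")
            host = urlparse(src).hostname if src else None  # None for relative paths
            if host and host != self.page_host:
                self.hosts.add(host)


def third_party_hosts(html, page_host):
    parser = ResourceHosts(page_host)
    parser.feed(html)
    return parser.hosts


def conditional_hosts(captures, page_host):
    """captures: list of (label, html). Returns {host: [labels]} for every
    third-party host that is present in some captures but not in all of them."""
    if not captures:
        return {}
    seen = [(label, third_party_hosts(html, page_host)) for label, html in captures]
    always = set.intersection(*(hosts for _, hosts in seen))
    report = {}
    for label, hosts in seen:
        for host in sorted(hosts - always):
            report.setdefault(host, []).append(label)
    return report


# Constructed captures of one page fetched under three visit conditions.
BASE = '<script src="/js/site.js"></script><script src="https://ads.example/show.js"></script>'
CAPTURES = [
    ("new IP, no cookies, search referrer", BASE + '<iframe src="//stats-cdn.example/in.php"></iframe>'),
    ("same IP, cookies kept, search referrer", BASE),
    ("new IP, no cookies, no referrer", BASE),
]

if __name__ == "__main__":
    for host, labels in conditional_hosts(CAPTURES, "publisher.example").items():
        print(f"{host} served only when: {'; '.join(labels)}")
```

A host that shows up only for a fresh IP with a particular referrer is the pattern to investigate; a host present in every capture is ordinary page content.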

 

Now, let’s take a look at that domain…

statsistats.com
ICANN Registrar: DIRECTI
Created 26 December 2009

IP: 193.104.22.153 – Malta, Kratosweb-net

Sharing IP with statcstat.com, statdstat.com and (previously) statbstat.com.

Registrant hidden behind privacyprotect.org

*****

The IP range 193.104.22.% is an absolute treasure trove of potential danger – take a look at the following domains – all of them should be treated with extreme caution:


