Les vulnérabilités du VPN vous préoccupent ? Découvrez comment profiter de notre solution de migration VPN qui inclut 60 jours de service gratuit.

Blog Zscaler

Recevez les dernières mises à jour du blog de Zscaler dans votre boîte de réception

S'abonner
Recherche sur la sécurité

Alexa Illustrates Web Security Risks (part 2)

image
THREATLABZ
janvier 24, 2011 - 2 Min de lecture

I wanted to circle back and close the loop from my original post on this. First- not surprisingly I’m not the only one to have taken note at malicious sites landing in Alexa (reference sucuri.net blog).

I wrote some scripts to check a number of the domains listed in the Alexa top 1 million against Google SafeBrowsing (GSB), SURBL, and to cross-reference with MalwareDomainsList (MDL). In the previous post, I mentioned a few of my findings related to GSB and SURBL lookups - particularly FakeAV. Additionally, a number of the sites listed included porn sites that were listed in SURBL due to their advertisements within spam links. Snippet of some of the results.
ImageWhile the GSB and SURBL lookups for 1 million sites aren't very quick repeatable processes, it is a fairly quick process to do the cross-reference with the MDL (MDL list here). The results from today's Alexa and MDL intersection include 87 sites. However, several of the listed sites are overly aggressive listings on MDL's part- for example: hotfile.com, rapidshare.com, and stashbox.org are free file hosting services that are listed. Free file hosting services are frequently abused to store malware- however, the sites themselves are legitimate and should not be blocked at the domain level.

Some of the more interesting sites listed, include:

  • bulletproof-web.com - as the name suggests, it's a bullet-proof hosting provider

Image

  • bloggoogle.info, domaingoogle.info, hostinggoogle.info, datagoogle.info, businessgoogle.info - NeoSploit exploit kit (reference example)
  • gdfgdfgdgdfgdfg.in.ua - FakeAV drive-by redirect related to Twitter spam campaign (reference example)
  • protect-pc-2011.co.cc, multy-protect.co.cc, fastperot.co.cc - TDSS rootkit / FakeAV

Seeing these Alexa results further illustrates the threat of FakeAV and the recent come-back of NeoSploit in 2011 that others have highlighted with the release of its version 4 .

form submtited
Merci d'avoir lu l'article

Cet article a-t-il été utile ?

dots pattern

Recevez les dernières mises à jour du blog de Zscaler dans votre boîte de réception

En envoyant le formulaire, vous acceptez notre politique de confidentialité.