VPNの脆弱性に関する不安が広がっています。ZPAの60日間無料トライアルを利用して、VPNからの移行のメリットをお確かめください。

Zscalerのブログ

Zscalerの最新ブログ情報を受信

購読する
セキュリティリサーチ

Alexa Illustrates Web Security Risks (part 2)

image
THREATLABZ
1月 24, 2011 - 2 分で読了

I wanted to circle back and close the loop from my original post on this. First- not surprisingly I’m not the only one to have taken note at malicious sites landing in Alexa (reference sucuri.net blog).

I wrote some scripts to check a number of the domains listed in the Alexa top 1 million against Google SafeBrowsing (GSB), SURBL, and to cross-reference with MalwareDomainsList (MDL). In the previous post, I mentioned a few of my findings related to GSB and SURBL lookups - particularly FakeAV. Additionally, a number of the sites listed included porn sites that were listed in SURBL due to their advertisements within spam links. Snippet of some of the results.
ImageWhile the GSB and SURBL lookups for 1 million sites aren't very quick repeatable processes, it is a fairly quick process to do the cross-reference with the MDL (MDL list here). The results from today's Alexa and MDL intersection include 87 sites. However, several of the listed sites are overly aggressive listings on MDL's part- for example: hotfile.com, rapidshare.com, and stashbox.org are free file hosting services that are listed. Free file hosting services are frequently abused to store malware- however, the sites themselves are legitimate and should not be blocked at the domain level.

Some of the more interesting sites listed, include:

  • bulletproof-web.com - as the name suggests, it's a bullet-proof hosting provider

Image

  • bloggoogle.info, domaingoogle.info, hostinggoogle.info, datagoogle.info, businessgoogle.info - NeoSploit exploit kit (reference example)
  • gdfgdfgdgdfgdfg.in.ua - FakeAV drive-by redirect related to Twitter spam campaign (reference example)
  • protect-pc-2011.co.cc, multy-protect.co.cc, fastperot.co.cc - TDSS rootkit / FakeAV

Seeing these Alexa results further illustrates the threat of FakeAV and the recent come-back of NeoSploit in 2011 that others have highlighted with the release of its version 4 .

form submtited
お読みいただきありがとうございました

このブログは役に立ちましたか?

dots pattern

Zscalerの最新ブログ情報を受信

このフォームを送信することで、Zscalerのプライバシー ポリシーに同意したものとみなされます。