This post is a little bit different from what I usually write. Rather than explaining one topic, I'd like to provide insight into what we uncover during a typical week of research. Here are some of the malicious pages that I found this week during some research not related to spam SEO.
Phishing
Facebook phishing pages are showing up regularly. I uncovered an Italian phishing page at hxxp://facebookentry.altervista.org/. The page looked exactly like the Facebook login page, but all the links produce a blank page. It looks like the author focused on getting the main page right, but did not bother to create fake links. Anyway, I guess most people will fill out the form right away and will not check the links.
This page has been up for more than a week.
 | |
| Italian Facebook Phishing page |
Another Facebook phishing page that I uncovered was hosted at hxxp://www.facebookconfirmation.com/ - a great domain name! I have not seen this login or "confirmation" page anywhere on Facebook, but I'm sure it fooled many people. The domain is registered bin Russia.
 |
| Fake Facebook confirmation page |
Fake antivirus vendor
hxxp://generalavs.com/ looks like an online store for antivirus. You are invited to try their software for free, and you must even accept their "Terms and Conditions". The executable GeneralAntivirus4.exe which a user is prompted to download, is actually a virus. Fortunately, it is detected by 90% of the AV vendors.
 |
| Fave AV online store |
hxxp://bulletproofsoft.com/ is a similar malware site, but it has more than 10 executables for download. The detection rate among AV vendors is much lower at about 40%.
 |
| Malicious sites for download |
Antivirus can help to protect against some malware, but they are not a silver bullet.
-- Julien
