[LINK] Google site warning on News.com.au
kim at holburn.net
Wed Nov 12 09:31:05 EST 2008
On 2008/Nov/11, at 11:14 PM, Fernando Cassia wrote:
> On Tue, Nov 11, 2008 at 6:42 PM, Rick Welykochy <rick at praxis.com.au>
>> Richard Chirgwin wrote:
>>> ...and there on the first page of results was a News.com.au link:
>>> ...with Google's "this site may harm your computer" warning...
>>> using the
>>> target URL brings up just the News.com.au link with the warning.
>> Here is why: other sites accessed by News.Com are nasties:
>> "[The] Malicious software includes 33 scripting exploit(s),
>> 4 exploit(s). Successful infection resulted in an average
>> of 3 new processes on the target machine."
>> This is simply not acceptable behaviour for a major news portal.
>> Isn't it.
> There seems to be a problem with Google's reporting feature where
> can flag a given URL as malware-providing
> See here
> It branded PalmOS.com and a JavaFX blog as "harmful" before. The
> sites were clueless of how to get rid of that flag.
> I guess it can badly harm any legit site if enough people submit
> against it...
In this case the diagnostic page says the following which is pretty
specific (31 pages resulted in malicious software being downloaded):
> What is the current listing status for ink.news.com.au?
> Site is listed as suspicious - visiting this web site may harm
> your computer.
> Part of this site was listed for suspicious activity 2 time(s)
> over the past 90 days.
> What happened when Google visited this site?
> Of the 284 pages we tested on the site over the past 90 days, 31
> page(s) resulted in malicious software being downloaded and
> installed without user consent. The last time Google visited this
> site was on 2008-11-02, and the last time suspicious content was
> found on this site was on 2008-11-02.
> Malicious software includes 33 scripting exploit(s), 4
> exploit(s). Successful infection resulted in an average of 3 new
> processes on the target machine.
> Malicious software is hosted on 9 domain(s), including
> p060523.info, douhunqn.cn, ppexe.com.
> 4 domain(s) appear to be functioning as intermediaries for
> distributing malware to visitors of this site, including
> douhunqn.cn, letusearch.com, kkexe.com.
> Has this site acted as an intermediary resulting in further
> distribution of malware?
> Over the past 90 days, ink.news.com.au did not appear to
> function as an intermediary for the infection of any sites.
> Has this site hosted malware?
> Yes, this site has hosted malicious software over the past 90
> days. It infected 1 domain(s), including masalafiles.com.
> Just my $0.02
> Link mailing list
> Link at mailman.anu.edu.au
IT Network & Security Consultant
Ph: +39 06 855 4294 M: +39 3494957443
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
More information about the Link