[LINK] Google site warning on News.com.au
Kim Holburn
kim at holburn.net
Wed Nov 12 09:31:05 AEDT 2008
On 2008/Nov/11, at 11:14 PM, Fernando Cassia wrote:
> On Tue, Nov 11, 2008 at 6:42 PM, Rick Welykochy <rick at praxis.com.au>
> wrote:
>
>> Richard Chirgwin wrote:
>>
>>> ...and there on the first page of results was a News.com.au link:
>>> <
>> http://www.google.com.au/interstitial?url=http://ink.news.com.au/mercury/mathguys/articles/1999/990224a3.htm
>>>
>>>
>>> ...with Google's "this site may harm your computer" warning...
>>> using the
>>> target URL brings up just the News.com.au link with the warning.
>>
>> Here is why: other sites accessed by News.Com are nasties:
>>
>>
>> http://www.google.com/safebrowsing/diagnostic?site=http://ink.news.com.au/mercury/mathguys/articles/1999/990224a3.htm&hl=en
>>
>> *OR*
>>
>> http://tinyurl.com/6jpbd9
>>
>>
>> "[The] Malicious software includes 33 scripting exploit(s),
>> 4 exploit(s). Successful infection resulted in an average
>> of 3 new processes on the target machine."
>>
>>
>> This is simply not acceptable behaviour for a major news portal.
>> Isn't it.
>
>
> There seems to be a problem with Google's reporting feature where
> anybody
> can flag a given URL as malware-providing
>
> See here
> http://www.google.com/search?hl=en&safe=off&q=%22may+harm+your+computer%22+site%3Atheinquirer.net&btnG=Search
>
> It branded PalmOS.com and a JavaFX blog as "harmful" before. The
> affected
> sites were clueless of how to get rid of that flag.
>
> I guess it can badly harm any legit site if enough people submit
> reports
> against it...
In this case the diagnostic page says the following which is pretty
specific (31 pages resulted in malicious software being downloaded):
> What is the current listing status for ink.news.com.au?
>
> Site is listed as suspicious - visiting this web site may harm
> your computer.
>
> Part of this site was listed for suspicious activity 2 time(s)
> over the past 90 days.
>
> What happened when Google visited this site?
>
> Of the 284 pages we tested on the site over the past 90 days, 31
> page(s) resulted in malicious software being downloaded and
> installed without user consent. The last time Google visited this
> site was on 2008-11-02, and the last time suspicious content was
> found on this site was on 2008-11-02.
>
> Malicious software includes 33 scripting exploit(s), 4
> exploit(s). Successful infection resulted in an average of 3 new
> processes on the target machine.
>
> Malicious software is hosted on 9 domain(s), including
> p060523.info, douhunqn.cn, ppexe.com.
>
> 4 domain(s) appear to be functioning as intermediaries for
> distributing malware to visitors of this site, including
> douhunqn.cn, letusearch.com, kkexe.com.
>
> Has this site acted as an intermediary resulting in further
> distribution of malware?
>
> Over the past 90 days, ink.news.com.au did not appear to
> function as an intermediary for the infection of any sites.
>
> Has this site hosted malware?
>
> Yes, this site has hosted malicious software over the past 90
> days. It infected 1 domain(s), including masalafiles.com.
>
>
>
>
> Just my $0.02
> FC
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link
--
Kim Holburn
IT Network & Security Consultant
Ph: +39 06 855 4294 M: +39 3494957443
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
More information about the Link
mailing list