[LINK] Google site warning on News.com.au

Kim Holburn kim at holburn.net
Wed Nov 12 09:31:05 AEDT 2008


On 2008/Nov/11, at 11:14 PM, Fernando Cassia wrote:

> On Tue, Nov 11, 2008 at 6:42 PM, Rick Welykochy <rick at praxis.com.au>  
> wrote:
>
>> Richard Chirgwin wrote:
>>
>>> ...and there on the first page of results was a News.com.au link:
>>> <
>> http://www.google.com.au/interstitial?url=http://ink.news.com.au/mercury/mathguys/articles/1999/990224a3.htm
>>>
>>>
>>> ...with Google's "this site may harm your computer" warning...  
>>> using the
>>> target URL brings up just the News.com.au link with the warning.
>>
>> Here is why: other sites accessed by News.Com are nasties:
>>
>>
>> http://www.google.com/safebrowsing/diagnostic?site=http://ink.news.com.au/mercury/mathguys/articles/1999/990224a3.htm&hl=en
>>
>> *OR*
>>
>> http://tinyurl.com/6jpbd9
>>
>>
>>  "[The] Malicious software includes 33 scripting exploit(s),
>>   4 exploit(s). Successful infection resulted in an average
>>   of 3 new processes on the target machine."
>>
>>
>> This is simply not acceptable behaviour for a major news portal.  
>> Isn't it.
>
>
> There seems to be a problem with Google's reporting feature where  
> anybody
> can flag a given URL as malware-providing
>
> See here
> http://www.google.com/search?hl=en&safe=off&q=%22may+harm+your+computer%22+site%3Atheinquirer.net&btnG=Search
>
> It branded PalmOS.com and a JavaFX blog as "harmful" before. The  
> affected
> sites were clueless of how to get rid of that flag.
>
> I guess it can badly harm any legit site if enough people submit  
> reports
> against it...

In this case the diagnostic page says the following which is pretty  
specific (31 pages resulted in malicious software being downloaded):

> What is the current listing status for ink.news.com.au?
>
>     Site is listed as suspicious - visiting this web site may harm  
> your computer.
>
>     Part of this site was listed for suspicious activity 2 time(s)  
> over the past 90 days.
>
> What happened when Google visited this site?
>
>     Of the 284 pages we tested on the site over the past 90 days, 31  
> page(s) resulted in malicious software being downloaded and  
> installed without user consent. The last time Google visited this  
> site was on 2008-11-02, and the last time suspicious content was  
> found on this site was on 2008-11-02.
>
>     Malicious software includes 33 scripting exploit(s), 4  
> exploit(s). Successful infection resulted in an average of 3 new  
> processes on the target machine.
>
>     Malicious software is hosted on 9 domain(s), including  
> p060523.info, douhunqn.cn, ppexe.com.
>
>     4 domain(s) appear to be functioning as intermediaries for  
> distributing malware to visitors of this site, including  
> douhunqn.cn, letusearch.com, kkexe.com.
>
> Has this site acted as an intermediary resulting in further  
> distribution of malware?
>
>     Over the past 90 days, ink.news.com.au did not appear to  
> function as an intermediary for the infection of any sites.
>
> Has this site hosted malware?
>
>     Yes, this site has hosted malicious software over the past 90  
> days. It infected 1 domain(s), including masalafiles.com.
>
>

>
>
> Just my $0.02
> FC
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link

--
Kim Holburn
IT Network & Security Consultant
Ph: +39 06 855 4294  M: +39 3494957443
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request








More information about the Link mailing list