By: Julien Sobrier

A Week Of Research

This post is a little bit different from what I usually write. Rather than explaining one topic, I'd like to provide insight into what we uncover during a typical week of research. Here are some of the malicious pages that I found this week during some research not related to spam SEO.

Phishing

Facebook phishing pages are showing up regularly. I uncovered an Italian phishing page at hxxp://facebookentry.altervista.org/. The page looked exactly like the Facebook login page, but all the links produce a blank page. It looks like the author focused on getting the main page right, but did not bother to create fake links. Anyway, I guess most people will fill out the form right away and will not check the links.

This page has been up for more than a week.

Italian Facebook Phishing page

Another Facebook phishing page that I uncovered was hosted at hxxp://www.facebookconfirmation.com/ - a great domain name! I have not seen this login or "confirmation" page anywhere on Facebook, but I'm sure it fooled many people. The domain is registered in Russia.

Fake Facebook confirmation page

Fake antivirus vendor

hxxp://generalavs.com/ looks like an online store for antivirus. You are invited to try their software for free, and you must even accept their "Terms and Conditions". The executable GeneralAntivirus4.exe, which a user is prompted to download, is actually a virus. Fortunately, it is detected by 90% of the AV vendors.

Fake AV online store

hxxp://bulletproofsoft.com/ is a similar malware site, but it has more than 10 executables for download. The detection rate among AV vendors is much lower at about 40%.

Malicious sites for download

These are examples of all the malicious sites that are out there. Once again, using Google Safe Browsing (with Firefox, Opera, Safari) or SmartScreen filters (Internet Explorer) does not help. None of these sites were flagged. They have been up for several days, probably weeks, and may not be taken down any time soon.

Antivirus can help to protect against some malware, but it is not a silver bullet.

-- Julien