
Zscaler Blog


A Week Of Research

JULIEN SOBRIER
August 24, 2010 - 2 min read

This post is a little bit different from what I usually write. Rather than explaining one topic, I'd like to provide insight into what we uncover during a typical week of research. Here are some of the malicious pages that I found this week during some research not related to spam SEO.

Phishing

Facebook phishing pages are showing up regularly. I uncovered an Italian phishing page at hxxp://facebookentry.altervista.org/. The page looked exactly like the Facebook login page, but all the links produce a blank page. It looks like the author focused on getting the main page right, but did not bother to create fake links. Anyway, I guess most people will fill out the form right away and will not check the links.

This page has been up for more than a week.

Italian Facebook Phishing page

Another Facebook phishing page that I uncovered was hosted at hxxp://www.facebookconfirmation.com/ - a great domain name! I have not seen this login or "confirmation" page anywhere on Facebook, but I'm sure it fooled many people. The domain is registered in Russia.

Fake Facebook confirmation page

Fake antivirus vendor

hxxp://generalavs.com/ looks like an online store for antivirus. You are invited to try their software for free, and you must even accept their "Terms and Conditions". The executable GeneralAntivirus4.exe, which a user is prompted to download, is actually a virus. Fortunately, it is detected by 90% of the AV vendors.


Fake AV online store

hxxp://bulletproofsoft.com/ is a similar malware site, but it has more than 10 executables for download. The detection rate among AV vendors is much lower at about 40%.

Malicious sites for download

These are examples of all the malicious sites that are out there. Once again, using Google Safe Browsing (with Firefox, Opera, Safari) or SmartScreen filters (Internet Explorer) does not help. None of these sites were flagged. They have been up for several days, probably weeks, and may not be taken down any time soon.

Antivirus can help to protect against some malware, but it is not a silver bullet.

-- Julien