This post is a little bit different from what I usually write. Rather than explaining one topic, I'd like to provide insight into what we uncover during a typical week of research. Here are some of the malicious pages that I found this week during some research not related to spam SEO.
Phishing
Facebook phishing pages are showing up regularly. I uncovered an Italian phishing page at hxxp://facebookentry.altervista.org/. The page looked exactly like the Facebook login page, but all the links produce a blank page. It looks like the author focused on getting the main page right, but did not bother to create fake links. Anyway, I guess most people will fill out the form right away and will not check the links.
This page has been up for more than a week.
Another Facebook phishing page that I uncovered was hosted at hxxp://www.facebookconfirmation.com/ - a great domain name! I have not seen this login or "confirmation" page anywhere on Facebook, but I'm sure it fooled many people. The domain is registered bin Russia.
Fake antivirus vendor
hxxp://generalavs.com/ looks like an online store for antivirus. You are invited to try their software for free, and you must even accept their "Terms and Conditions". The executable GeneralAntivirus4.exe which a user is prompted to download, is actually a virus. Fortunately, it is detected by 90% of the AV vendors.
hxxp://bulletproofsoft.com/ is a similar malware site, but it has more than 10 executables for download. The detection rate among AV vendors is much lower at about 40%.
These are examples of all the malicious sites that are out there. Once again, using Google Safe Browsing (with Firefox, Opera, Safari) or SmartScreen filters (Internet Explorer) does not help. None of these sites were flagged. They have been up for several days, probably weeks, and may not be taken down any time soon.
Antivirus can help to protect against some malware, but they are not a silver bullet.
-- Julien
Phishing
Facebook phishing pages are showing up regularly. I uncovered an Italian phishing page at hxxp://facebookentry.altervista.org/. The page looked exactly like the Facebook login page, but all the links produce a blank page. It looks like the author focused on getting the main page right, but did not bother to create fake links. Anyway, I guess most people will fill out the form right away and will not check the links.
This page has been up for more than a week.
 | |
| Italian Facebook Phishing page |
Another Facebook phishing page that I uncovered was hosted at hxxp://www.facebookconfirmation.com/ - a great domain name! I have not seen this login or "confirmation" page anywhere on Facebook, but I'm sure it fooled many people. The domain is registered bin Russia.
 |
| Fake Facebook confirmation page |
Fake antivirus vendor
hxxp://generalavs.com/ looks like an online store for antivirus. You are invited to try their software for free, and you must even accept their "Terms and Conditions". The executable GeneralAntivirus4.exe which a user is prompted to download, is actually a virus. Fortunately, it is detected by 90% of the AV vendors.
 |
| Fave AV online store |
hxxp://bulletproofsoft.com/ is a similar malware site, but it has more than 10 executables for download. The detection rate among AV vendors is much lower at about 40%.
 |
| Malicious sites for download |
Antivirus can help to protect against some malware, but they are not a silver bullet.
-- Julien
