December 2008 - Posts

Google search results poisoned again

I started to notice a few rather odd results while researching another malware site ... (highlighted in red) as you can see below, this affects quite a few big names ... so be careful of the links you click ...


In the Microsoft link above (as well as all the others) the link redirects to: (URLs disabled)
hxxp://00119922. com/in.php?&n=837&t=Free+Xxx+Movies+Sharing

Which then redirects to:
hxxp://all-porn-tubes-here. com/xplay.php?id=1555

Then you see the ever-famous "You must download Video ActiveX Object to play this video file" prompt, which wants you to download "exclusivemovie.1555.exe" ... from "codecdownload.downloadexenow. com" ... this is not very well detected [VirusTotal results]

00119922. com and 098765. com are hosted at:
[Starnet S.r.l][AS31252][87.248.163.0 - 87.248.163.255]

all-porn-tubes-here. com is hosted at:
[Noc4hosts][AS29802][74.50.96.0 - 74.50.127.255]

Google Diagnostic reports: Site is listed as suspicious - visiting this web site may harm your computer.
Malicious software includes 220 scripting exploit(s), 21 trojan(s).

codecdownload.downloadexenow. com is hosted at:
[Eu-zz][AS12553][94.247.2.0 - 94.247.3.255]

Google Diagnostic reports: Site is listed as suspicious - visiting this web site may harm your computer.
Malicious software includes 23 trojan(s).

Hopefully Google can get these types of results cleaned up before too many unsuspecting people get infected.

Posted by winhelp2002 with no comments
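As an added example (not code from the original post), here is a small Python tracer for the kind of redirect chain described above: it follows 3xx Location headers one hop at a time with automatic redirects disabled, caps the hop count, detects loops, flags a final target that is a Windows executable by extension or Content-Type, and defangs the chain for a write-up in the post's hxxp / "dot space" style. The response map and the hostnames in it (redirector.example, landing.example, codec.example, loop.example) are constructed placeholders standing in for the post's three hops, not captured traffic. Meta-refresh and JavaScript redirects, which pages like the fake codec prompt often use, are not followed.

```python
"""Trace an HTTP redirect chain hop by hop without executing anything.

Added example, not from the original post. The fetcher is pluggable: the
constructed SIMULATED map below runs offline; urllib_fetch() is a live
header-only fetcher for use from a disposable VM.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urljoin, urlsplit

# A fetch returns (HTTP status, Location header or None, Content-Type or None).
Response = Tuple[int, Optional[str], Optional[str]]
Fetcher = Callable[[str], Response]

EXECUTABLE_SUFFIXES = (".exe", ".scr", ".msi", ".com", ".pif")
EXECUTABLE_TYPES = ("application/x-msdownload", "application/octet-stream")


def defang(url: str) -> str:
    """Render a URL non-clickable: http -> hxxp, space before the TLD."""
    parts = urlsplit(url)
    scheme = parts.scheme.replace("http", "hxxp", 1)
    head, sep, tld = parts.netloc.rpartition(".")
    host = f"{head}. {tld}" if sep else parts.netloc
    rest = parts.path + (f"?{parts.query}" if parts.query else "")
    return f"{scheme}://{host}{rest}"


@dataclass
class Trace:
    chain: List[str]   # every URL visited, in order, starting with the seed
    verdict: str       # executable | no-executable | loop | too-many-hops

    def report(self) -> List[str]:
        return [defang(u) for u in self.chain]


def trace_redirects(start: str, fetch: Fetcher, max_hops: int = 10) -> Trace:
    """Follow Location headers manually so each hop is recorded and bounded."""
    chain, seen, hops, url = [start], {start}, 0, start
    while True:
        status, location, ctype = fetch(url)
        if 300 <= status < 400 and location:
            nxt = urljoin(url, location)          # Location may be relative
            hops += 1
            if hops > max_hops:
                return Trace(chain, "too-many-hops")
            if nxt in seen:
                return Trace(chain, "loop")
            chain.append(nxt)
            seen.add(nxt)
            url = nxt
            continue
        path = urlsplit(url).path.lower()
        if path.endswith(EXECUTABLE_SUFFIXES) or (ctype or "").lower() in EXECUTABLE_TYPES:
            return Trace(chain, "executable")
        return Trace(chain, "no-executable")


# Constructed stand-in for the post's chain (redirector -> landing page ->
# "codec" .exe); hostnames are placeholders, not the 2008 infrastructure.
SIMULATED: Dict[str, Response] = {
    "http://redirector.example/in.php?n=837&t=Free+Xxx+Movies+Sharing":
        (302, "http://landing.example/xplay.php?id=1555", "text/html"),
    "http://landing.example/xplay.php?id=1555":
        (302, "/download/exclusivemovie.1555.exe", "text/html"),   # relative
    "http://landing.example/download/exclusivemovie.1555.exe":
        (302, "http://codec.example/exclusivemovie.1555.exe", None),
    "http://codec.example/exclusivemovie.1555.exe":
        (200, None, "application/x-msdownload"),
    "http://loop.example/a": (302, "http://loop.example/b", None),
    "http://loop.example/b": (302, "http://loop.example/a", None),
}


def simulated_fetch(url: str) -> Response:
    return SIMULATED.get(url, (404, None, "text/html"))


def urllib_fetch(url: str, timeout: float = 10.0) -> Response:
    """Live fetcher: HEAD with redirects disabled, headers only, no body saved."""
    import urllib.error
    import urllib.request

    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None   # make urllib surface the 3xx instead of following it

    opener = urllib.request.build_opener(NoRedirect)
    req = urllib.request.Request(url, method="HEAD",
                                 headers={"User-Agent": "Mozilla/5.0"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location"), resp.headers.get("Content-Type")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location"), err.headers.get("Content-Type")


if __name__ == "__main__":
    seed = "http://redirector.example/in.php?n=837&t=Free+Xxx+Movies+Sharing"
    result = trace_redirects(seed, simulated_fetch)
    for hop in result.report():
        print(hop)
    print("verdict:", result.verdict)
```

The live fetcher only reads headers and never writes the body to disk, but the hosts in a chain like this serve malware and may fingerprint the client, so run it only from a disposable VM.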

Google Diagnostic now reports on entire Networks

Recently the "Google SafeBrowser Diagnostic" has added a new feature where it not only reports on malicious content on individual pages, but now also reports on entire Networks (IP Blocks) ... in the below example (HopOne) is a relatively small network, but the results are one of the reasons why there is so much malicious activity on the Internet ...

"304 sites that resulted in malicious software being downloaded without user consent" ... now those are actual sites, not counting the other sites that may link to these malicious sites ... then "48 sites that were intermediaries for the infection of 1433 other sites" and then "46 sites that infected 1280 other sites" so as you can see the 304 sites is certainly a greater number than it sounds ...

Now if you look at the first example Google uses (analystic .org) the problem expands ... just look at the below numbers ...
"3054 scripting exploit(s), 175 trojan(s), 5 exploit(s)" and that's just one site ... scanned yesterday!

Hopone Internet is based out of Toronto ... sounds like it's time someone contacted their upstream provider and demanded that Hopone clean up their act or cut off their routing to the Internet ... much like what happened to McColo ... one can only hope ...

Posted by winhelp2002 with no comments

I'm Back ...

First let me say ... Moving Sucks! ... at least everything went well ... Comcast (my ISP) had me back up and running the very next day! We are still unpacking and figuring out where to put everything ... did I say Moving Sucks! ... at least I'm all caught up with emails and the HOSTS Mailing List, etc.

Hopefully now I can get back to tracking down the bad guys ...

Posted by winhelp2002 with 2 comment(s)

Today is moving day

Folks, I'll be out of touch for a few days ... we're moving and hopefully everything goes smoothly ...

Comcast (my ISP) says they can transfer my account since we are moving locally ... we'll see ...

Posted by winhelp2002 with no comments