Alert: please treat these domains with extreme caution
Originally spotted via this blog entry (you’ll see SpywareSucks cited in the comments).
Putting aside the fact that the author of the blog is completely wrong to claim that Google was blocking biggovernment.com because of “bad publicity”, we can be grateful that the author has brought some malvertizing domains to our attention.
Ironically, redstate.com has been having problems with malicious content itself…
If you look at the screenshot of the Google Chrome alert posted at redstate.com, you will see that biggovernment.com was being blocked, but not because of any “bad publicity”, but rather because Google detected that biggovernment.com was serving content from statsistat.com – and yes, statsistat.com is definitely bad news.
Let’s try to answer a few of the gentleman’s questions:
Why would Google be marking BigGovernment.com as a page that has malware on it?
Because content from statsistats.com was detected.
I have never before received this warning from Google when going to BigGovernment. I suppose it is possible that BigGovernment did have malicious code on it. Of course, I would then also have to believe that in the following two hours BigGovernment isolated the malicious code and removed the code. Why?
biggovernment.com may not have detected or cleaned up anything at all. It may be that the malicious code only appears once per IP address (or once per computer if browser/flash cookies are being used to control behaviour), which is a very common trick the bad guys use to make it difficult to prove that malicious content exists, or existed. It may be that the malicious code only appears if the correct referrer is detected (another very common trick).
Well, how else would Google Chrome now be allowing you to go to BigGovernment.com without a warning?
Because the malicious code is no longer being detected. See above.
Is their product malfunctioning?
No. See above.
Also, Safari uses the same system as Chrome for detecting malicious sites, why didn’t Safari give the same warning when I attempted to use it?
Now, let’s take a look at that domain…
ICANN Registrar: DIRECTI
Created 26 December 2009
IP: 22.214.171.124 - Malta, Kratosweb-net
Sharing IP with statcstat.com, statdstat.com and (previously) statbstat.com.
Registrant hidden behind privacyprotect.org
The IP range 193.104.22.% is an absolute treasure trove of potential danger - take a look at the following domains - all of them should be treated with extreme caution:
Bestcards.biz | Nationaltravel.biz | Advancepublicsafety.com | An-ty-virusstore.net | Antivirussoftdrink.com | Antyvirustoolshop.net | Bestscanada.com | Biohomesecurity.com | Cheapreadweb.com | Eessentialoil.com | Homevirusscan.com | Malwareexamination.com | Onlinewebstie.com | Scaninternetworld.com | Socialsecurityimaging.com | Antispywaresofttoday.com | Antivirussoftstore.com | Antyspywaretoolnow.com | Freeremovevirustool.com | Onlinecheckdirect.com | Onlineantivirusdirect.com | Onlinesecurtydirect.com | Virtualespywareremove.com | Rootcollection.com | Internetnonmalware.com | Antivirusscanblog.com | Antyspyvarescanblog.com | Illnessremover.com | Malwaredrop.com | Antysoftwarestudy.com | Scan-online-website.com | Scanspiritonline.com | Bestporncity.com | Mediaboxvideo.com | Mediafilmonline.com | Pornmovieshot.com | Statcstat.com | Statdstat.com | Statsistats.com | Print-design.cn | Beatthebearblackhole.com | Chinaaaredarmy.com | Thepoweblessninja.com | Powertraffstakes.com | 2009antispyware.net | Againstspyware.com | Anti-spyware-2010.net | Antispycenterprof.com | Antispyware24x7.com | Antispywareglobal.com | Antispywareonline.net | Antispywaresnet.com | Antispywarets.com | Antispywareweb.net | Antispyworldwideint.com | Antisspywarescenter.com | Antivirplatinum2009.com | Antivirplatinum2010.com | Antivirus-live.net | Antivirus-service.net | Antiviruscenter.net | Antivirusexpert.net | Antiviruslive-pro.com | Antiviruslive2010.com | Antiviruslivepro.com | Antivirustop.net | Bestantispysoft2010.com | Eliminater2009pro.com | Intsecureprof2010.com | Itsafetyonline.com | Ivirusidentify.com | Iwebantispyware.com | Iwebpcdoctor.com | Iwebpcprotect.com | Myprivatesoft2009.com | Netantivirus.net | Onlineantispysoft.com | Osadwarekill2010.com | Owndefender.com | Pcdoctorz2010.com | Pcprotect2010.com | Pcsafety2009pro.com | Pcsafetyplatinum.com | Protection2010.com | Protectorservice.com | Security2010.net | Securityprosoft.com | Securityztop.com | Spydetector2009.com | Spywaredetect24pro.com | Superantivirus.net | System-deffender.com | Systemprotector.net | Threat-detector.com | Threat-finder.com | Viridentifycenter.com | Virus-detector.net | Virusdetect24.com | Virusermoverpro2009.com | Virusermoverpro2010.com | Viruskill2010.com | Virusremoveonline.com | Web-antispyware.com | Webantispysoftpro.com | Websantispyware.com | Webspydetectunlim.com | Winguard2009.com | Winguard2010.com | Winshield2010.com | Winvantivirus.com | World-antispyware.com | Worldantispyware1.com | Worldprotection.net | Worldsantispysoft.com | 812jid.com | 89364.net | Nsrdomain.com | Stpxy.com | Carsaudioforum.com | Clubusamusicguide.com | Alphaprogressgroup.com | An-ty-virustoday.net | Antivirussoftspoken.com | Antyvirustoolonline.net | Bestinternetportal.com | Bestsecuritylawyers.com | Bestsecuritytool.net | Bestsecurityworld.com | Bordersecuritytools.net | Buyonlineinternet.com | Essentialoilharmony.com | Greatbillingupdate.com | Readnetbooks.com | Scanbankonline.com | Scanchinanet.com | Superscanjet.com | Trojanscansite.com | Yourscantool.com | Antispywareeasy.com | Antispywaresoftonline.net | Antyillegalsoftware.com | Antyillegalsoftwaretool.com | Antyspywaresonline.com | Antyspywaretoolblog.com | Ewebcheck.com | Supersecurty.com | Pianetaspywareremove.com | Rootkiteraser.com | Antiageonline.com | Virusscanersite.com | Antivirusscanimages.com | Antyspyvarescapean.com | Malwareremovesite.com | Thebossremover.com | Legacyvirusscan.com | Newscanlifeonline.com | Scanonlinesitenow.com