Monday, January 11, 2010

Malicious Site Reports: Dangerous .RU Domains

The following .ru domains were all privately registered on one of two dates (2009.10.28 or 2009.11.22), were all last updated on the same date (2010.01.11), and all have been reported by Websense Security Labs, Malware Domain List, or others as being malicious.  Following are links to each domain's Web of Trust report:

http://www.mywot.com/en/scorecard/ampsguide.ru
http://www.mywot.com/en/scorecard/bestbob.ru
http://www.mywot.com/en/scorecard/burkewebservices.ru
http://www.mywot.com/en/scorecard/carswebnet.ru
http://www.mywot.com/en/scorecard/funwebmail.ru
http://www.mywot.com/en/scorecard/greatwebradio.ru
http://www.mywot.com/en/scorecard/guidebat.ru
http://www.mywot.com/en/scorecard/johnsite.ru
http://www.mywot.com/en/scorecard/lagworld.ru
http://www.mywot.com/en/scorecard/manbest.ru
http://www.mywot.com/en/scorecard/suesite.ru
http://www.mywot.com/en/scorecard/superaguide.ru
http://www.mywot.com/en/scorecard/superore.ru
http://www.mywot.com/en/scorecard/theaonline.ru
http://www.mywot.com/en/scorecard/theatticsale.ru
http://www.mywot.com/en/scorecard/theaworld.ru
http://www.mywot.com/en/scorecard/thechocolateweb.ru
http://www.mywot.com/en/scorecard/thelaceweb.ru
http://www.mywot.com/en/scorecard/themobilewindow.ru
http://www.mywot.com/en/scorecard/themobisite.ru
http://www.mywot.com/en/scorecard/usaworldwideweb.ru
http://www.mywot.com/en/scorecard/warbest.ru
http://www.mywot.com/en/scorecard/webdesktopnet.ru
http://www.mywot.com/en/scorecard/webdirectbroker.ru
http://www.mywot.com/en/scorecard/weblessnet.ru
http://www.mywot.com/en/scorecard/webnetenglish.ru
http://www.mywot.com/en/scorecard/webnetlender.ru
http://www.mywot.com/en/scorecard/webnetloans.ru
http://www.mywot.com/en/scorecard/worldsouth.ru
http://www.mywot.com/en/scorecard/worldwebworld.ru
http://www.mywot.com/en/scorecard/xboxliveweb.ru

Links to these sites usually contain deceptive subdomains and directories in an attempt to trick novice Web users and to increase search result rankings (see example URLs by clicking on the Malware Domain List link below).

Sources:
http://twitter.com/websenselabs/status/7449997556
http://www.malwaredomainlist.com/mdl.php?search=dibs%40freemailbox.ru&colsearch=All&quantity=All
http://www.siteadvisor.com/sites/burkewebservices.ru/postid/?p=3454286#post3454286

See also these various other reports for the domains listed above:

http://safeweb.norton.com/report/show?name=bestbob.ru ("red" rating for viruses)
http://safeweb.norton.com/report/show?name=carswebnet.ru ("red" rating for viruses)
http://safeweb.norton.com/report/show?name=guidebat.ru ("red" rating for viruses)
http://safeweb.norton.com/report/show?name=superore.ru ("red" rating for viruses)
http://safeweb.norton.com/report/show?name=theatticsale.ru ("red" rating for viruses)
http://hosts-file.net/?s=theatticsale.ru ("EXP" category: "sites engaged in or alleged to be engaged in the exploitation of browser and OS vulnerabilities as well as the exploitation of gray-matter")
http://safeweb.norton.com/report/show?name=themobilewindow.ru ("red" rating for viruses)
http://safeweb.norton.com/report/show?name=themobisite.ru ("red" rating for viruses)
http://www.siteadvisor.com/sites/weblessnet.ru ("red" rating: "McAfee TrustedSource web reputation analysis found potential security risks with this site. Use with extreme caution.")
http://safeweb.norton.com/report/show?name=webnetenglish.ru ("red" rating for viruses)
http://www.siteadvisor.com/sites/webnetloans.ru ("red" rating: "McAfee TrustedSource web reputation analysis found potential security risks with this site. Use with extreme caution.")
http://safeweb.norton.com/report/show?name=worldwebworld.ru ("red" rating for viruses)


For more from the JoshMeister on Security, please subscribe to the RSS feed or follow me on Twitter.

No comments:

Post a Comment

Comment moderation is enabled. (If you wish to contact Josh privately, you can leave a comment and ask that it not be published.)