Jump to content

Recommended Posts

cant goggle be held responsible when they advertise theses links.

I.E. a sponsored Link that leads to a site that in turn is malware.

or better still

Malwaree.org/Anti-Malware.<rouge site not affilated to this one

look at the WOT rating,goggle sponsers fraud how the heck do they get away with this?

lllp://www.mywot.com/en/scorecard/malwaree.org

Link to post
Share on other sites

Many have asked that same question. And many security folks have notified google, and from what I've heard they only listen on occasion, but more often do nothing. I suppose money is their priority, not the security of their users. It's sad, but seems to be true. You want a real proof of concept? Do a search for malware and look at the sponsored links, or ccleaner, or security. Most if not all of the sponsored links will be for either rogues or borderline rogues, just don't click on any of them unless you know what you're doing. Most of them (thankfully) don't contain actual trojans or anything, but the companies and affiliates behind the ads do use deceptive marketing and less than stellar software with fake user ratings claiming their products are the best. It angers me more and more the more I see it. Fortunately, I don't see the ads anymore unless I want to thanks to my hosts file :D .

Link to post
Share on other sites

hi exile.

as it goes ive been wanting to ask you hostsman as i see you use it.

i was going to download this but firstly on the site i saw live links to malware sites,kinnda put me of a bit.

its seems to be a expert site and would explian the live links.

the site in total rasies no flags bar this one;

i was going to download it as a zip file buts thats only avalible via box.net

i allways check links nowadays before i go click (thanks to WOT) so i check box.net and its reported as this in at one point;

Malicious content, viruses

According to www.malwaredomainlist.com

it has Banker.nxi, Banker.nvh and Banker.nxp malware.

its also reported by

malware domain list themseleves

Malicious content, viruses

Appeared on a list of malware distributor

i kinnda worry about a program that downloads from said site.

do hostsman know anything about this or have you seen anything/know more about this.

or am i being over parniod?

simply put i would like the to use this program but not without knowing more about the above.if you can help tht is,mabye best to ask them themselves but i havent regged there yet due to being unsure about its live linking.

Link to post
Share on other sites

I believe box.net is just a generic web host (similar to live spaces and what not). I and others here can certainly vouch for HostsMan as being a legit app. I actually have malwardomainlist's hosts file in my list of hosts files downloaded and merged with my own for HostsMan so if it itself were malicious it should be on their list and wouldn't be accessible from my PC, but it is. As far as I can tell box is as malicious or nonmalicious as rapidshare, it really just depends on what file you're downloading :D .

Link to post
Share on other sites

@ mbyuser

I wish they could be held responsible...

I found that too! I have Malwarebytes bookmarked on my computer OR I just type the web address in directly to my browser, so I never google it anymore, but just for kicks and giggles I googled it yesterday and I saw that same malwareee. org website on the sponsored links too and I thought to myself, that sounds REALLY fishy... I've honestly always thought that sponsored links are fishy, especially if they seem to be trying to be a copycat of a real site (looks like they were trying to pretend to be like MBAM, haha, yeah RIGHT!).

I need to get on getting WOT.. hehe.

You didn't click on the link did you?

Link to post
Share on other sites

@ Exile

:)

(in response to your first reply in this thread). That's so angering :D After learning about this with Google from this thread and a few others I have come across, I come to wonder if its even safe to use Google as a search engine anymore. Do you know anything about this?

I NEVER click on sponsored links.

Link to post
Share on other sites

@ Mystery

:D

May I ask you a question about your blog? I am having a little trouble understanding a few things.

Edit: and is this page safe to go to? hxxp://hosts-file.net/misc/Google_Poisoning.txt I think so, but just double checking.

Link to post
Share on other sites

@ Mystery

Thanks, & glad its safe :D

Okay, so this paragraph:

"I've been monitoring the Google results since my last report on the Google poisoning issue, and have been saddened to see not a reduction in the amount of malicious URL's in the index - but an increase." What is the index you are talking about? Is that search results that come up when you do a google search or something else?

What's a spider? "I've seen thus far has had identical properties that for a search engine with a spider as good as Googles, should be easy enough to identify and erradicate;"

And then you have this:

"1. All URL's lead to a page with;

1. a 2.js file

2. jibberish in <pre></pre> tags and further such .htm pages linked to each other under neath (all pages linked to, have identical properties)

3. ALL pages on the domain link to each other, with identical tags (and ONLY link to these pages) and link to the 2.js file

4. ALL pages have title tags that have the name of the .htm file in them 3 times, for example;" etc etc...

Could you explain a little further when you have a moment what this is and how a person would get to a malicious site like that named above? And anything else you can think of that would be helpful.

Oh, and oop, I just clicked on this: hxxp://hosts-file.net/?s=www.antivirus-security.net Thinking it was another of your blog pages. Is it safe? (I added the xx's in by the way)

Link to post
Share on other sites

Okay, so this paragraph:

"I've been monitoring the Google results since my last report on the Google poisoning issue, and have been saddened to see not a reduction in the amount of malicious URL's in the index - but an increase." What is the index you are talking about? Is that search results that come up when you do a google search or something else?

The index is the search results :)

What's a spider? "I've seen thus far has had identical properties that for a search engine with a spider as good as Googles, should be easy enough to identify and erradicate;"

The spider is what search engines use to crawl and index websites

And then you have this:

"1. All URL's lead to a page with;

1. a 2.js file

2. jibberish in <pre></pre> tags and further such .htm pages linked to each other under neath (all pages linked to, have identical properties)

3. ALL pages on the domain link to each other, with identical tags (and ONLY link to these pages) and link to the 2.js file

4. ALL pages have title tags that have the name of the .htm file in them 3 times, for example;" etc etc...

Could you explain a little further when you have a moment what this is and how a person would get to a malicious site like that named above? And anything else you can think of that would be helpful.

These are files and identifiers that describe the characteristics of the malicious sites. You get to them usually via Google/Yahoo/Bing (aka Live) search results.

Oh, and oop, I just clicked on this: hxxp://hosts-file.net/?s=www.antivirus-security.net Thinking it was another of your blog pages. Is it safe? (I added the xx's in by the way)

It I link to a site, it's safe :D (I also own hosts-file.net)

Link to post
Share on other sites

@ Mystery

Thank you for answering that for me!

So for this:

"Could you explain a little further when you have a moment what this is and how a person would get to a malicious site like that named above? And anything else you can think of that would be helpful.

These are files and identifiers that describe the characteristics of the malicious sites. You get to them usually via Google/Yahoo/Bing (aka Live) search results."

So if you click on a search result link, you could then get infected? How would I (or anyone else) know what is safe or not? Or is it only certain links?

Link to post
Share on other sites

Those I described in the article, are very easily identifiable by the URL's and their respective titles (e.g. cadets.htm has cadets in the pages title), and the random folder names in between domain.com and the filename (e.g. bad.com/random/jibberish/cadets.htm).

Surfing with ActiveX and scripts disabled will prevent the vast majority of these infecting you :D

Link to post
Share on other sites

@ Mystery

Okay, thank you, that answers my question I think :D So basically its pretty obvious when there is a malicious site link, especially with the jibber jabber text? Part of my AVG has the link scanner, but I don't 100% trust it, just because there could be a mistake.

I basically have stopped surfing the internet because of all the crap out there, but hopefully sometime I'll feel comfortable doing it again sometime :) Essentially I check my web-based emails, I go to this site, a few other forums that I belong to, and a few other sites I can't remember right now, and that's been it for at least the last month or two. Maybe its overkill but I'm kinda scared of the internet at this point lol.

Is ActiveX only present in IE? I pretty much only use FF currently, I only use IE to manually check for Windows Updates. I haven't disabled scripts yet, I need to try out NoScripts soon :) And I need to get AdBlock Plus already too :)

Link to post
Share on other sites

ActiveX is in all versions of IE, and whilst FF doesn't have it natively, I do believe there's an add-on for it.

As far as security, the only other things I'd recommend for you, is HostsMan (abelhadigital.com) and either WoT (mywot.com) or SiteHound (firetrust.com), the latter of the two offer a free limited version, or a paid "full" version. Both WoT and SiteHound use the hpHosts database :D

I understand being scared of the internet to a degree, due to the amount of crap out there, coupled with the fact that legit sites aren't always safe anymore, but I'd recommend trying to steer from being scared, and instead, become accustomed to surfing safely. NoScript provides some safety for FF, but not complete safety, and as of late, NoScript also comes bundled with rubbish (mentioned on my blog). AdBlockPlus, whilst I've not used it myself (tend to prefer Orca Browser over FF as it's lighter, faster, and provides features I find useful, without requiring I faff around installing addons), is a great addition to FF.

See the following (also one of my sites) for additional info/advice;

http://mysteryfcm.co.uk/?mode=Articles&date=12-08-2008

Link to post
Share on other sites

@mystery

you say no script comes bundled with rubbish,looks like a long blog,read a few pages but i skimmed them for now,too hot to sit down and read et all as yet (heatwave),will be doing so soon thou,from what i diid glace at there did seam to some intresting and educational.

for now thou i ask if youve a direct link to the no script bunled with rubbish blog.

use no script witch i find usefull,and obviously would like to know what it is thats being bundled in with it.

also if you can help i didnt find the site i was looking for (post about spycheck site) lllp://www.malwarebytes.org/forums/index.php?showtopic=18339

i was looking for somthing like lllp://www.spywarewarrior.com/rogue_anti-spyware.htm what i did find was out off date,as is spware warrior if you do know off somthing more upto date.

mountaintree16

no i wouldnt/didnt click that link.

yes they deff think into copy catting malwarebytes.

that angers me google or who bbehind goggle cant be that stupid as to not know there sponsering a fraudulant site or at the least a rounge site.

exile.

thanks,makes sense,just rather ask than jusy bindly download anything nowadays,fed up with formatting becuse i downloaded some freeware only to find its not so free or worse.

well super hot day,hope your all enjoying it,sure would love a nice breaze myself.

Link to post
Share on other sites

@mystery

you say no script comes bundled with rubbish,looks like a long blog,read a few pages but i skimmed them for now,too hot to sit down and read et all as yet (heatwave),will be doing so soon thou,from what i diid glace at there did seam to some intresting and educational.

for now thou i ask if youve a direct link to the no script bunled with rubbish blog.

use no script witch i find usefull,and obviously would like to know what it is thats being bundled in with it.

That was my mistake unfortunately, as I didn't state clearly, it was *reported* to have come bundled with the Ask toolbar;

http://hphosts.blogspot.com/2009/05/open-s...to-malware.html

This has since been confirmed as inaccurate (there's an update on the blog mentioning this), meaning they either removed it, or the user was mistaken (I meant to mention that), the user has never responded to my knowledge, to confirm which was the case (I've been trying to get in touch with the user that reported it, to get hold of the installer she used).

also if you can help i didnt find the site i was looking for (post about spycheck site) lllp://www.malwarebytes.org/forums/index.php?showtopic=18339

i was looking for somthing like lllp://www.spywarewarrior.com/rogue_anti-spyware.htm what i did find was out off date,as is spware warrior if you do know off somthing more upto date.

I'm not aware of anything like the old SWW RAS listings existing anymore, but hpHosts, amongst others, allow you to do a quick check of a domain name to find out if it's associated with anything nefarious.

hosts-file.net

malwareurl.com

malwaredomainlist.com

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.