Dear MustDie, Have you ever thought about suicide ?
2009/12/21 MustLive <[email protected]> > Hello participants of Full-Disclosure. > > Let's talk about infected sites of Google and Yahoo. > > As I wrote yesterday in my post Infected google.com, yahoo.com and > blogspot.com (http://websecurity.com.ua/3786/), web sites of Google and > Yahoo were infected over the last 90 days. All mentioned quotes (from > Google's site) are at state of yesterday (19.12.2009) and you can see > current state of these sites by provided links. Google updates their data > regularly. > > When I found possibility to use Safe Browsing from Google > (http://websecurity.com.ua/3785/) for checking of the sites for > infectiousness, at first I made diagnostic of few popular web sites. And > I've got very interesting results ;-). > > Among the first sites checked by me were google.com, yahoo.com and > blogspot.com, which were found infected over the last 90 days. That > blogspot.com (it's one of domains of Google's service Blogger) was found > infected didn't surprise me, because last year I wrote about that this site > of Google was using for malware spreading (http://websecurity.com.ua/2310/ > ) > (according to data of Sophos), but that google.com itself was infected and > also yahoo.com, it's already a news. > > Google Safe Browsing diagnostic page for google.com > (http://google.com/safebrowsing/diagnostic?site=google.com) is informing > about (quote): > > This site is not currently listed as suspicious. > > Part of this site was listed for suspicious activity 1 time(s) over the > past 90 days. > > And also (quote): > > Of the 70146 pages we tested on the site over the past 90 days, 4 > page(s) resulted in malicious software being downloaded and installed > without user consent. The last time Google visited this site was on > 2009-12-19, and the last time suspicious content was found on this site was > on 2009-12-16. > > Malicious software includes 7 scripting exploit(s), 1 trojan(s). > Successful infection resulted in an average of 1 new process(es) on the > target machine. > > Also information about that malicious software is hosted on 14 domains, > that > 7 domains appear to be functioning as intermediaries for distributing > malware to visitors of this site, and also (quote): > > Over the past 90 days, google.com appeared to function as an > intermediary for the infection of 10 site(s) > > So Google's site was infected recently (16.12.2009). After that it was > cleared from infection, but the fact remains. > > Thus Information Leakage at this service of Google leaded to leakage of > information about infectiousness of own site. This is such humor of Google > - > to disclose information about infectiousness of own sites :-). From other > side - it's good that Google honestly admit it. > > Google Safe Browsing diagnostic page for yahoo.com > (http://google.com/safebrowsing/diagnostic?site=yahoo.com) is informing > about (quote): > > This site is not currently listed as suspicious. > > Part of this site was listed for suspicious activity 2 time(s) over the > past 90 days. > > And also (quote): > > Of the 17710 pages we tested on the site over the past 90 days, 15 > page(s) resulted in malicious software being downloaded and installed > without user consent. The last time Google visited this site was on > 2009-12-19, and the last time suspicious content was found on this site was > on 2009-12-13. > > Malicious software includes 113 scripting exploit(s), 58 trojan(s), 8 > exploit(s). Successful infection resulted in an average of 2 new > process(es) > on the target machine. > > Also information about that malicious software is hosted on 25 domains, > that > 13 domains appear to be functioning as intermediaries for distributing > malware to visitors of this site. > > Evidently Yahoo followed the path of Google. > > Google Safe Browsing diagnostic page for blogspot.com > (http://google.com/safebrowsing/diagnostic?site=blogspot.com) is informing > about (quote): > > This site is not currently listed as suspicious. > > Part of this site was listed for suspicious activity 462 time(s) over > the past 90 days. > > And also (quote): > > Of the 2112321 pages we tested on the site over the past 90 days, 19127 > page(s) resulted in malicious software being downloaded and installed > without user consent. The last time Google visited this site was on > 2009-12-19, and the last time suspicious content was found on this site was > on 2009-12-19. > > Malicious software includes 21423 worm(s), 11635 trojan(s), 3186 > scripting exploit(s). Successful infection resulted in an average of 16 new > process(es) on the target machine. > > Also information about that malicious software is hosted on 3825 domains, > that 1592 domains appear to be functioning as intermediaries for > distributing malware to visitors of this site, and also (quote): > > Over the past 90 days, blogspot.com appeared to function as an > intermediary for the infection of 23 site(s) including euroddl.com/, > alfawarez.com/, ddlspot.com/. > > And also (quote): > > Yes, this site has hosted malicious software over the past 90 days. It > infected 9 domain(s), including tisuituputih.blogspot.com/, > enfermagemsu.blogspot.com/, elltoro.com/. > > Best wishes & regards, > MustLive > Administrator of Websecurity web site > http://websecurity.com.ua > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
