Date: Sun, 20 Dec 2009 21:29:04 +0200
From: "MustLive" <mustlive@...security.com.ua>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Infected google.com, yahoo.com and blogspot.com

Hello participants of Full-Disclosure.

Let's talk about infected sites of Google and Yahoo.

As I wrote yesterday in my post Infected google.com, yahoo.com and blogspot.com (http://websecurity.com.ua/3786/), web sites of Google and Yahoo were infected over the last 90 days.

All mentioned quotes (from Google's site) are as of yesterday (19.12.2009), and you can see the current state of these sites via the provided links. Google updates their data regularly.

When I found the possibility to use Safe Browsing from Google (http://websecurity.com.ua/3785/) for checking sites for infectiousness, at first I made a diagnostic of a few popular web sites. And I've got very interesting results ;-).

Among the first sites checked by me were google.com, yahoo.com and blogspot.com, which were found infected over the last 90 days. That blogspot.com (it's one of the domains of Google's service Blogger) was found infected didn't surprise me, because last year I wrote that this site of Google was being used for malware spreading (http://websecurity.com.ua/2310/) (according to data of Sophos), but that google.com itself was infected, and also yahoo.com, is already news.

Google Safe Browsing diagnostic page for google.com (http://google.com/safebrowsing/diagnostic?site=google.com) is informing about (quote):

This site is not currently listed as suspicious. Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

And also (quote):

Of the 70146 pages we tested on the site over the past 90 days, 4 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-12-19, and the last time suspicious content was found on this site was on 2009-12-16. Malicious software includes 7 scripting exploit(s), 1 trojan(s). Successful infection resulted in an average of 1 new process(es) on the target machine.

Also information that malicious software is hosted on 14 domains, that 7 domains appear to be functioning as intermediaries for distributing malware to visitors of this site, and also (quote):

Over the past 90 days, google.com appeared to function as an intermediary for the infection of 10 site(s)

So Google's site was infected recently (16.12.2009). After that it was cleared from infection, but the fact remains.

Thus Information Leakage at this service of Google led to leakage of information about the infectiousness of its own site. This is such humor of Google - to disclose information about the infectiousness of its own sites :-). From the other side - it's good that Google honestly admits it.

Google Safe Browsing diagnostic page for yahoo.com (http://google.com/safebrowsing/diagnostic?site=yahoo.com) is informing about (quote):

This site is not currently listed as suspicious. Part of this site was listed for suspicious activity 2 time(s) over the past 90 days.

And also (quote):

Of the 17710 pages we tested on the site over the past 90 days, 15 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-12-19, and the last time suspicious content was found on this site was on 2009-12-13. Malicious software includes 113 scripting exploit(s), 58 trojan(s), 8 exploit(s). Successful infection resulted in an average of 2 new process(es) on the target machine.

Also information that malicious software is hosted on 25 domains, that 13 domains appear to be functioning as intermediaries for distributing malware to visitors of this site.

Evidently Yahoo followed the path of Google.

Google Safe Browsing diagnostic page for blogspot.com (http://google.com/safebrowsing/diagnostic?site=blogspot.com) is informing about (quote):

This site is not currently listed as suspicious. Part of this site was listed for suspicious activity 462 time(s) over the past 90 days.

And also (quote):

Of the 2112321 pages we tested on the site over the past 90 days, 19127 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-12-19, and the last time suspicious content was found on this site was on 2009-12-19. Malicious software includes 21423 worm(s), 11635 trojan(s), 3186 scripting exploit(s). Successful infection resulted in an average of 16 new process(es) on the target machine.

Also information that malicious software is hosted on 3825 domains, that 1592 domains appear to be functioning as intermediaries for distributing malware to visitors of this site, and also (quote):

Over the past 90 days, blogspot.com appeared to function as an intermediary for the infection of 23 site(s) including euroddl.com/, alfawarez.com/, ddlspot.com/.

And also (quote):

Yes, this site has hosted malicious software over the past 90 days. It infected 9 domain(s), including tisuituputih.blogspot.com/, enfermagemsu.blogspot.com/, elltoro.com/.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/