I've never seen a registrar with such prominent links to reports of "Spam or Abuse", but there is a good reason for this: most of the malicious sites (fake AV, browser exploits, etc.), spam and free proxies seen in recent weeks use co.cc domains.
One of the 3 links to report spam and abuse at www.co.cc
All of the fake AV sites we've seen since July 1st are .co.cc domains, including sunclear.co.cc, avsolution20.co.cc, truefind49p.co.cc, oksave5.co.cc, fillfree21.co.cc, etc.
37% of all free proxies we've seen from our customers in the past 5 days are .co.cc domains, including surflife.co.cc, feelmuchbetter.co.cc, pickupsurf.co.cc, surfday.co.cc, etc.
Example of a malicious co.cc domain
Here is an example of a malicious co.cc site: hxxp://flashupdate.co.cc/ As its name suggests, the site tries to lure users into thinking they are downloading a newer version of the Flash plugin. The page was made for Internet Explorer users. It displays a fake IE warning that the Flash version is too old, and automatically attempts to download a malicious executable, v11_adobe_flash_update.exe. This executable is flagged by only 9 antivirus vendors out of 41.
Malicious site faking a Flash upgrade
-- Julien
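An added example, not part of the original post: one way to measure the share of co.cc traffic in web proxy logs and flag executable downloads from names registered under it. The four-field log format, the extension list and the control hosts are assumptions; only the co.cc hostnames and the file name come from the post.

```python
from urllib.parse import urlsplit

SUFFIX = "co.cc"
REGISTRAR_HOSTS = {"co.cc", "www.co.cc"}   # the registrar's own site, not a customer name
EXECUTABLE_EXTS = (".exe", ".scr", ".msi")  # assumed list of extensions worth flagging

# Constructed log lines in an assumed format: "<client> <method> <url> <status>"
SAMPLE_LOG = """\
10.0.0.5 GET http://flashupdate.co.cc/ 200
10.0.0.5 GET http://flashupdate.co.cc/v11_adobe_flash_update.exe 200
10.0.0.7 GET http://surflife.co.cc/index.php 200
10.0.0.4 GET http://SunClear.CO.CC./scan 200
10.0.0.3 GET http://www.co.cc/ 200
10.0.0.8 GET http://www.example.com/setup.exe 200
10.0.0.9 GET http://notco.cc/ 200
10.0.0.9 GET http://co.cc.example.net/a.exe 200
malformed line
"""

def registered_name(host, suffix=SUFFIX):
    """Return '<label>.co.cc' for a host registered under the suffix, else None."""
    host = host.lower().rstrip(".")          # normalise case and trailing root dot
    # Match on a label boundary so 'notco.cc' and 'co.cc.example.net' are not hits.
    if host in REGISTRAR_HOSTS or not host.endswith("." + suffix):
        return None
    label = host[: -len(suffix) - 1].split(".")[-1]
    return f"{label}.{suffix}" if label else None

def analyze(log_text):
    """Count requests per registered co.cc name and list executable downloads."""
    total, by_name, exe_downloads = 0, {}, []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                         # skip malformed lines
        url = urlsplit(parts[2])
        if not url.hostname:
            continue
        total += 1
        name = registered_name(url.hostname)
        if name is None:
            continue
        by_name[name] = by_name.get(name, 0) + 1
        if url.path.lower().endswith(EXECUTABLE_EXTS):
            exe_downloads.append((parts[0], name, url.path))
    share = sum(by_name.values()) / total if total else 0.0
    return {"total": total, "by_name": by_name, "share": share,
            "exe_downloads": exe_downloads}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```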