Thursday, July 15, 2010 is the new place for viruses, free proxies, spam, etc. offers free domain names with full DNS management. They claim more than 5 million domains names. .CC is for Cocos (Keiling) Islands. The sub-domain is managed by a Korean company.

I've never seen a registrar with such prominent links to reports of "Spam or Abuse", but there is a good reason for this: most of the malicious sites (fake AV, browser exploits, etc.), spam and free proxies seen in recent weeks use domains.

One of the 3 links to report spam and abuse at

All of  the fake AV sites we've seen since July 1st are domains, including,,,,, etc.

37% of all free proxies we've seen from our customers in the past 5 days are including:,,,, etc.

Example of a malicious domain

Here is an example of malicious site: hxxp:// As its name suggests,  the sites tries to lure users into thinking they are downloading a never version of the Flash plugin. The page was made for Internet Explorer users. It displays a fake IE warning that the  flash version is too old, and automatically attempt to download a malicious executable v11_adobe_flash_update.exe. This executable is flagged by only 9 antivirus vendors out of 41.

Malicious site faking a Flash upgrade

-- Julien

No comments: