Barry Irwin
SensePost
May
20
I now count approximately 1.5million infected sites based on the updated list of domains at ShadowServer. SA infected pages are now up to 1 340, although this varies wildly based on the Google DC queried. Some large SA sites are still being re-infected.There's also a new consequence. Instead of just silently infecting your users with malware, which is hard to spot. Google is now blocking access to some of the sites, along with Firefox if you have the safe browsing lists enabled. If reputation doesn't drive action, falling ad revenues should.
Out of interest, Shadow Server lists the following domain and approximate number of infected pages as of the 14th of May 2008:
- www.nihaorr1.com - 468,000
- free.hostpinoy.info - 444,000
- xprmn4u.info - 369,000
- www.nmidahena.com - 140,000
- winzipices.cn - 75,000
- sb.5252.ws - 69,000
- www.aspder.com - 62,000
- www.11910.net - 47,000
- bbs.jueduizuan.com - 44,000
- www.bluell.cn - 44,000
- www.2117966.net - 39,000
- s.see9.us - 39,000
- xvgaoke.cn - 33,000
- www.414151.com - 17,000
- yl18.net - 15,000
- www.kisswow.com.cn - 13,000
- c.uc8010.com - 9500
- www.ririwow.cn - 6000
- www.killwow1.cn - 4000
- www.qiqigm.com - 3600
- www.wowgm1.cn - 3500
- www.wowyeye.cn - 2800
- 9i5t.cn - 2500
- computershello.cn - 2300
- www.z008.net - 1600
- b15.3322.org - 1200
- www.direct84.com - 1100
- www.caocaowow.cn - 900
- firestnamestea.cn - 700
- %61%31%38%38%2E%77%73 (a188.ws) - 500
- www.qiqi111.cn - 230
- www.banner82.com - 90
- smeisp.cn - 85
- okey123.cn - 55
- www.nihao112.com - 45
- free.edivid.info - 40
- h28.8800.org - 34
- ucmal.com - 30
- t.uc8010.com - 30
- www.dota11.cn - 25
- bc0.cn - 20
- www.adword71.com - 17
- w11.6600.org - 13
- usuc.us - 13
- newasp.com.cn - 7
- www.wowgm2.cn - 8
- 17ge.cn - 4
- www.adword72.com - 2
- www.117275.cn - 1
- vb008.cn - ?
- www.wow112.cn - ?
- www.nihaoel3.com - ?
Schneier on Security: Friday Squid Blogging: Preserving Giant Squid
0 Trackbacks