66 domains were deleted due to duplicates or false positives. Check out the “diff” file in the http://www.malwaredomains.com/files directory for more details.
Holy IFRAME Batman! I always wanted to say that.
I wish that browsers would:
a) ignore all iframes not from a different domain than the base domain.
I wish that all web crawlers (such as google) would:
b) not index (or place a warning) on any site which contains an iframe calling content from a different domain.
I wish that all web servers would:
- have an option to ignore any IFRAME statements when displaying back to the browser. So even if a site was hacked and an iframe injected into the code the web server would simply ignore it and not even send it to the end-user’s browser…
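A defender-side version of the check wished for above, as an added example that is not from the original post: it parses a served page and reports every iframe whose base domain differs from the page's own. The URLs, the sample HTML and the two-label `site_of` heuristic are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class IframeCollector(HTMLParser):
    """Collect the src attribute of every <iframe> tag in a document."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <IFRAME SRC=...> matches too.
        if tag == "iframe":
            self.sources.append(dict(attrs).get("src") or "")


def site_of(host):
    """Crude 'base domain': the last two labels of the host name.
    Assumption: enough for a demo; real code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def cross_domain_iframes(page_url, html):
    """Return absolute URLs of iframes whose base domain differs from the page's."""
    collector = IframeCollector()
    collector.feed(html)
    page_site = site_of(urlsplit(page_url).hostname or "")
    flagged = []
    for src in collector.sources:
        target = urljoin(page_url, src)  # resolves relative and //host/ forms
        host = urlsplit(target).hostname
        if host and site_of(host) != page_site:
            flagged.append(target)
    return flagged


# Constructed sample page: one same-site frame, one relative frame, one foreign frame.
SAMPLE_URL = "http://www.shop.example/index.html"
SAMPLE_HTML = """
<html><body>
<iframe src="http://static.shop.example/banner.html"></iframe>
<iframe src="/help/faq.html"></iframe>
<IFRAME SRC="//cdn.injected.test/in.html" width=1 height=1></IFRAME>
</body></html>
"""

if __name__ == "__main__":
    for url in cross_domain_iframes(SAMPLE_URL, SAMPLE_HTML):
        print("cross-domain iframe:", url)
```

Run against your own pages on a schedule, a newly flagged host is a prompt to check whether the page source was modified.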
Dancho Danchev’s blog contains netblocks and domains which are involved in the continual IFRAME SEO Poisoning Attack. The latest attack successfully injects IFRAMES forwarding to the rogue security software and Zlob malware variants. Domains include:
mynudedirect(dot)com (already listed)
gift-vip(dot)net (already listed)
e.pepato(dot)org (already listed)
webmovies-b(dot)com, vipasotka(dot)com, golnanosat(dot)com, d08r(dot)cn and others (not yet listed; you should block ASAP).
Netblocks and IPs to block (which include multiple class-c’s) are located in his blog.
Websense has an eye-opening writeup on how some malware is now using ARP cache-poisoning and making the infected machine into an HTTP proxy server. Poof! Your entire network is poisoned! Castlecops has a writeup from someone in China who has experienced this first hand: Machines which are declared clean by multiple AV products still suffer from the IFRAME. Yikes!