MAXHOSTING are a fairly prolific
evil network that I
profiled last month, so it isn't a huge surprise to see that the evilness continues as normal.
But one thing that made MAXHOSTING stand out today was their involvement in an apparent compromise on the BBC's website,
as reported by The Register. Google have
labelled the BBC's Radio 3 subsite as being potentially dangerous:
Safe Browsing
Diagnostic page for bbc.co.uk/radio3
What is the current listing status for bbc.co.uk/radio3?
Site is listed as suspicious - visiting this web site may harm your computer.
Part of this site was listed for suspicious activity 2 time(s) over the past 90 days.
What happened when Google visited this site?
Of the 15 pages we tested on the site over the past 90 days, 4 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-09-09, and the last time suspicious content was found on this site was on 2010-09-09.
Malicious software is hosted on 1 domain(s), including kfppp.com/.
1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including z145235.infobox.ru/.
This site was hosted on 1 network(s) including AS2818 (BBC).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, bbc.co.uk/radio3 did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.
How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
So, what do we know about
kfppp.com? Well, it was registered one day ago via black hat domain registrar BIZCN to a fake recipient, and is hosted on a server at 77.78.240.253, which is in Maxhosting's range.. so obviously this is nothing good.
The trouble is that the BBC site seems clean and it is not apparent where the infection is coming from, but the BBC site
does carry ad banners for non-UK visitors, and it seems possible that a malvertisement somewhere is to blame. Although Google does sometimes make false positives, this particular report is very specific and I tend to believe that the BBC Radio 3 site is (or was) compromised with malicious code.
A full breakdown of current sites, IP addresses and MyWOT reputations can be
downloaded from here.
The best advice is to completely block traffic to 77.78.239.x and 77.78.240.x (or better still, the 77.78.224.0/19 parent block), or block traffic to the domains below.
Divambee35.net
Eagen85.net
Forceclub-us.com
Forceclub-us.net
Indep29.com
Investbabaika.com
Janoodle6.net
Levelin29-online.com
Levelin29-web.com
Levelin29.biz
Levelin29.com
Levelin29.net
Levelin29.org
Levelin29.us
Secsslup.com
Trazi.in
Zabil.in
Search-static.org
Vostokgear.org
The-funny-world.info
Francecore.com
Genreystick.com
Grand-vitaro-club.com
Odistanyachts.com
Statxonline.com
Xsbot.net
Planopetroleumteam.com
Acunetxweb.net
Gvist.org
Gvistello.net
Dottasink.net
Nowisisdudescars.com
Vancouvererrorsonfile.com
Whereisdudescars.com
Zettapetta.net
Google-server09.info
Google-server10.info
Google-server11.info
Google-server12.info
Google-server14.info
Google-server29.info
Google-server31.info
Google-server41.info
Google-server42.info
Google-server43.info
Jhuiuhxfgxhlfkjhjth.info
Jhuiuhxfgxhtfkjhjth.info
Jhuluhxfgxhlfkjhjth.info
Top-teen-porn.info
Traxbax.com
Gumile.in
Pro100-soft.net
Geerht.com
Ruslan7777.com
Hyporesist.com
Installs.tv
Thefriends-place.info
Thefunny-world.info
Easy-answers.info
Theeasy-answers.info
Vstils.ru
Clickwebanalitick.com
Hotporncatalog.com
Ns3emeringo.com
Thevipbuyconterst.com
Youngirlsactions.com
Ciougmxehgjesk.com
Kingdol.com
Pcf-osow.com
Pw2.info
Reservus.com
Server90.org
Homesiteuk.com
Narmedic.org
Pp24.biz
403403.net
Firmar.org
Cebere.net
Cebere.org
Ceberz.net
Ceberz.org
Ceterz.biz
Eccinput.com
Faststat.biz
Mainstatserver.com
Bestviewbar.net
Thestatserver.com
Angelx.info
Deltav.info
Fantasyv.info
Fantasyx.info
Francisx.info
Freel.info
Freev.info
Jeffreyl.info
Lmailing.info
Millionsincomingfrom.biz
Weaponx.info
Xcorps.info
Checkege.ru
Otvetege.ru
Sdalege.ru
Stylysxvk.ru
Vkxstile.ru
1-aa.com
Atringroup.com
Awejkgf.com
Winterleaf.org
Free-pac.net
Tsbd1984.com
Fornaticumlili.biz
Dwnld0020.com
Spmfb2299.com
Thephotos-galleries.info
Hosting-backup.org
Darksiti.net
Asmatrin.com
Mvk.net.ru
Mvk.net.ru
Mynewspages.com
Newsdownloads.cn
Nvk.net.ru
Nvk.net.ru
Rsite.net.ru
Rsite.net.ru
Supercarsinfo.net
Vkhost.net.ru
Vkhost.net.ru
Webvk.net.ru
Webvk.net.ru
Sec-stats.org
Eu-analytics.com
Google-stat.org
Auto-russo-trah.com
55echosend.com
66kooum.com
Avilantup.com
Bytrin.com
Club-world-auto.org
Erityng.com
Govenablog.org
Grebtiklop.com
Hercegovinablog.org
Horsebloggovena.org
Horseblogovena.org
Horsegovena.org
Janesblog.org
Nikranox.org
Roxenda.com
Zrefkilops.com
Activateoursoft.com
Graymageds.com
Orangeosol.com
Yellowaven.com
3423254353446.org
Myteen2011.com
Onrpg-cdn.com
Sed-machinery.com
Helpsupport.biz
Connectionsupport.org
Cansbass.com
Cheni.in
Coani.in
Decdo.in
Jaddf.com
Baffyko.com
Ddret.com
Fgtre.com
Gddff.com
Kkrrn.com
Poiiu.com
Rtyyv.com
Ssadf.com
Ssweq.com
Yyeed.com
Yyutr.com
Ghdre.com
Kvxxr.com
Rchjj.com
Krnnt.com
Kvccg.com
Rcggu.com
Rcsss.com
Wrrrt.com
1host4me.ru
Fun-gsm.ru