Blog Zscaler

Recevez les dernières mises à jour du blog de Zscaler dans votre boîte de réception

S'abonner
Security Research

A Look at the Top Blocked Websites

image
JULIEN SOBRIER
mai 14, 2012 - 2 Min de lecture
Image
Google Safe Browsing is the most popular security denylist in use. It is leveraged by Firefox, Safari and Google Chrome. As such, being blocked by Google is a big deal - users of these three browsers are warned not to visit the sites and Google puts warnings in their search results.

I've run Google Safe Browsing against the top 1 million (based on number of visits) websites according to Alexa. 621 of them are blocked by Google Safe Browsing. I've looked at the most popular to understand why they are considered malicious. Here is what I found for the most popular blocked sites:

 
RankDomainThreatComment
6,239subtitleseeker.comMalicious JavaScriptHijacked
18,784financereports.coScamWork from home scam
35,610tryteens.comPDF malwarePorn
41,560iranact.coMalicious JavaScriptHijacked
47,016creativebookmark.comFake AVHijacked
52,409ffupdate.orgAdware download 
52,431vegweb.comMalicious JavaScriptHijacked
53,902delgets.comMalicious JavaScriptHijacked
78,202totalpad.comFake AVHijacked
81,403kvfan.netMalicious JavaScriptHijacked
82,344hgk.bizMalicious JavaScriptHijacked
83,858youngthroats.comMalicious IFRAMEPorn
125,305metro-ads.co.inMalicious JavaScriptHijacked
133,455salescript.infoMalicious JavaScriptHijacked
 
Image
http://financereports.co
Image
creativebookmark.com
Most of the top-ranked websites that have been blocked are not malicious by nature, but they have been hijacked. Malicious JavaScript, similar to the code we found on a French government website, or a malicious IFRAME is generally the culprit. It is interesting to notice that Google decided to denylist the infected site, rather than just blocking the external domain hosting the malicious content.

I have also checked to see which country the blocked domain is hosted in. Here is the breakdown:
 
Image

Most of the blocked sites are hosted in the US. Western Europe (especially Germany, France and the Netherlands) is number two, followed by China (8%).

There is a government website in this list: mdjjj.gov.cn. It contains malicious JavaScript for a third domain. The code is much more sophisticated that on the other sites on this list. The JavaScript is obfuscated, broken down in several files with a .jpeg extension. There is also a Flash exploit with a heap spray targeting Mac OS X, not unlike a Flash exploit we found on another Chinese site a few years ago. Windows users with Internet Explorer 6 and 7 users get the old "iepeers.dll" exploit (a different version for each browser).


No site is safe from hijacking. Personal websites and top-10,000 sites are all likely to be infected at some point.
form submtited
Merci d'avoir lu l'article

Cet article a-t-il été utile ?

Recevez les dernières mises à jour du blog de Zscaler dans votre boîte de réception

En envoyant le formulaire, vous acceptez notre politique de confidentialité.