Blog de Zscaler

Reciba en su bandeja de entrada las últimas actualizaciones del blog de Zscaler

Suscribirse
Security Research

A Look at the Top Blocked Websites

image
JULIEN SOBRIER
May 14, 2012 - 2 Min de lectura
Security Insights

Contenido

  1. Article
  2. Más blogs
Image
Google Safe Browsing is the most popular security denylist in use. It is leveraged by Firefox, Safari and Google Chrome. As such, being blocked by Google is a big deal - users of these three browsers are warned not to visit the sites and Google puts warnings in their search results.

I've run Google Safe Browsing against the top 1 million (based on number of visits) websites according to Alexa. 621 of them are blocked by Google Safe Browsing. I've looked at the most popular to understand why they are considered malicious. Here is what I found for the most popular blocked sites:

 
RankDomainThreatComment
6,239subtitleseeker.comMalicious JavaScriptHijacked
18,784financereports.coScamWork from home scam
35,610tryteens.comPDF malwarePorn
41,560iranact.coMalicious JavaScriptHijacked
47,016creativebookmark.comFake AVHijacked
52,409ffupdate.orgAdware download 
52,431vegweb.comMalicious JavaScriptHijacked
53,902delgets.comMalicious JavaScriptHijacked
78,202totalpad.comFake AVHijacked
81,403kvfan.netMalicious JavaScriptHijacked
82,344hgk.bizMalicious JavaScriptHijacked
83,858youngthroats.comMalicious IFRAMEPorn
125,305metro-ads.co.inMalicious JavaScriptHijacked
133,455salescript.infoMalicious JavaScriptHijacked
 
Image
http://financereports.co
Image
creativebookmark.com
Most of the top-ranked websites that have been blocked are not malicious by nature, but they have been hijacked. Malicious JavaScript, similar to the code we found on a French government website, or a malicious IFRAME is generally the culprit. It is interesting to notice that Google decided to denylist the infected site, rather than just blocking the external domain hosting the malicious content.

I have also checked to see which country the blocked domain is hosted in. Here is the breakdown:
 
Image

Most of the blocked sites are hosted in the US. Western Europe (especially Germany, France and the Netherlands) is number two, followed by China (8%).

There is a government website in this list: mdjjj.gov.cn. It contains malicious JavaScript for a third domain. The code is much more sophisticated that on the other sites on this list. The JavaScript is obfuscated, broken down in several files with a .jpeg extension. There is also a Flash exploit with a heap spray targeting Mac OS X, not unlike a Flash exploit we found on another Chinese site a few years ago. Windows users with Internet Explorer 6 and 7 users get the old "iepeers.dll" exploit (a different version for each browser).


No site is safe from hijacking. Personal websites and top-10,000 sites are all likely to be infected at some point.
form submtited
Gracias por leer

¿Este post ha sido útil?

vote yes
Sí, ¡Muy útil!
vote no
La verdad, no

Explorar más blogs de Zscaler

A cyber criminal shopping for malware
Agniane Stealer: Dark Web’s Crypto Threat
Leer el blog
Business people walking through a city
The Impact of the SEC’s New Cybersecurity Policies
Leer el blog
Digital cloud illuminated in blue
Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)
Leer el blog
TOITOIN Trojan
The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region
Leer el blog

01 / 02

Reciba las últimas actualizaciones del blog de Zscaler en su bandeja de entrada

Al enviar el formulario, acepta nuestra política de privacidad.