Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on September 27, 2012, 09:03:52 PM

Title: Malaysian phishing site also engaged in spamming...
Post by: polonus on September 27, 2012, 09:03:52 PM
See: http://zulu.zscaler.com/submission/show/49129fbb5c18766f09e3fba769d54db2-1348771205
mail server there at IP: http://www.reversemx.com/mx/mail2.jendela.biz/
spotted at projecthoneypot 1 week ago: http://www.projecthoneypot.org/ip_42.1.60.146 (registered since 2011)
blocked by google safebrowsing: http://203.154.18.120/.na/.7/?https://www.nwolb.com/default.aspx?refererident=A2B27C80DB36139B13A59AD0AA79D84E23B04A24&cookieid=6680&noscr=false&CookieCheck=2012-09-26T07:49:55

polonus

If we had a protocol where all non-malicious sites would need authorization, we could easily ruin spam and malware campaigns from the start on.
This could be achieved on a request response protocol basis, somewhat like DNS, and the non-suspicious status could be checked against a central authority that was being fed with all the information on the baddies from all sorts of anti-malware resources. Sources that have loads and loads of info on the baddies.
So no malicious website/hoster/server could escape the sinkhole or they had to meet the standards of the central authorities. This idea was launched by Roger Grimes, a Security Adviser. Shall we see it implemented in our days?

D
Title: Re: Malaysian phishing site also engaged in spamming...
Post by: Pondus on September 27, 2012, 09:27:43 PM
Listed at hpHosts
http://hosts-file.net/default.asp?s=http%3A%2F%2Fjendela.biz%2F.n%2F

and PhishTank ... meaning those using OpenDNS are protected
http://www.phishtank.com/phish_detail.php?phish_id=1574169