Avast WEBforum

Other => Viruses and worms => Topic started by: sharu on July 07, 2011, 12:02:48 PM

Title: NIC.CZ.CC
Post by: sharu on July 07, 2011, 12:02:48 PM

The site nic.cz.cc (http://nic.cz.cc) has been blocked! I don't see a reason why it should be while other cz.cc sites are allowed. There is no option on Avast to block false positive on URL alert!

Title: Re: NIC.CZ.CC
Post by: Asyn on July 07, 2011, 12:10:39 PM

Report    2011-07-07 11:44:27 (GMT 1)
Website    nic.cz.cc
Domain Hash    f90bda8d700a724306d75ad0d713baa4
IP Address    207.58.177.96 [SCAN]
IP Hostname    nic.cz.cc
IP Country    US (United States)
AS Number    25847
AS Name    SERVINT - ServInt
Detections    1 / 23 (4 %)
Status    SUSPICIOUS

Trend Micro Site Safety Center    DETECTED


Report    2011-07-07 03:05:47 (GMT 1)
IP Address    207.58.177.96
IP Hostname    nic.cz.cc
IP Country    US
AS Number    N/A
AS Name    N/A
Detections    5 / 26 (19 %)
Status    DANGEROUS

Autoshun    DETECTED
Emerging Threats    DETECTED
MyWOT    DETECTED
Threat Log    DETECTED
ZeuS Tracker    DETECTED

Title: Re: NIC.CZ.CC
Post by: kubecj on July 07, 2011, 01:11:16 PM

Such false doesn't matter much, since cz.cc is root of all evil, right? <g>

Title: Re: NIC.CZ.CC
Post by: DavidR on July 07, 2011, 01:48:37 PM

I though it was co.cc, which is a hosting service, 2 free sub domains and 15000 sub domains for $1000. This is meant to be where much of the malware hosting is going on; so much so that google is considering blocking (not adding) any co.cc domains to the search index.

Title: Re: NIC.CZ.CC
Post by: kubecj on July 07, 2011, 01:54:48 PM

There's tons of such... cz.cc, co.cc, co.be, ce.ms...

Title: Re: NIC.CZ.CC
Post by: DavidR on July 07, 2011, 02:23:53 PM

Perhaps this is something that we(avast!) should put a flag on those domains and sub-domains in the WebWep, at the least Orange/Yellow for search results, etc. If they really are the devils spawn ;D

Title: Re: NIC.CZ.CC
Post by: Asyn on July 07, 2011, 02:24:47 PM

Quote from: DavidR on July 07, 2011, 01:48:37 PM

I though it was co.cc, which is a hosting service, 2 free sub domains and 15000 sub domains for $1000. This is meant to be where much of the malware hosting is going on; so much so that google is considering blocking (not adding) any co.cc domains to the search index.

True. Btw, it's not only considered, but already done.
http://forum.avast.com/index.php?topic=66267.msg663445#msg663445

Quote

.cc is the country code for the Cocos (Keeling) Islands. The co.cc service is not an official subdomain of .cc, like .co.uk or .org.uk, but a privately registered service. Other users of .cc are not affected; the Arduino.cc domain for the open source electronics platform is not affected by Google's index changes and can still be searched for.