0x0e.org | pentesting perspective

braindump on pentesting, QA, metasploit, constant learning

Google is the new AV.

leave a comment »

Doing a little research on an exploit, i came across SecurityDot.Net. Google provided the link. However, when i clicked on it, i got this:

Of the 174 pages we tested on the site over the past 90 days, 4 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-09-11, and the last time suspicious content was found on this site was on 2009-09-11.Malicious software includes 2 trojan(s), 1 exploit(s). Successful infection resulted in an average of 3 new process(es) on the target machine.

Malicious software is hosted on 5 domain(s), including odile-marco.com/, google-analyze.org/, 213.163.89.0/.

This site was hosted on 1 network(s) including AS25220 (GLOBALNOC).

Also, when i tried to browse to the site directly, i got this:

Which turns out to be a built-in interface for the same google-stopbadware database.

Note that it was indeed a drive-by attack site. But is it’s google’s job to protect me when i click on a malicious link?
Advertisements

Written by jcran

September 13, 2009 at 9:56 PM

Posted in Uncategorized

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: