how-to block ads
|
DownTheShore
Maddie Knows Poopie
Premium
join:2003-12-02
Beautiful NJ
clubs:
| Re: Beware these "fake" antispyware programs I use McAfee's free Site Advisor as my first level filter of any Google results. I find it to be pretty good for giving a head's up regarding dodgy sites.
--
Life is simply one damned thing after another. | |
|  | 
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| said by DownTheShore  :I use McAfee's free Site Advisor as my first level filter of any Google results. I find it to be pretty good for giving a head's up regarding dodgy sites. Site reputation and the Russian Business Network
The RBN allegedly owns and/or operates ASNs in the netblock 81.95.144.0/20. SpamHaus has a detailed report on the RBN, and they recommend blocking this entire netblock in their drop list. Krebs also provided a mapping of the RBN network with some address data that corroborates SpamHaus. Here’s a Domain Tools whois report on one of the ASNs inside of it.
Let’s look at a the distribution of categorized URLs and domains in the 8e6 Database from servers hosted in that netblock:
Malcode — 84.08%
BotNets — 5.22%
Porn — 4.62%
ChildPorn — 4.01%
Spyware — 1.34%
Phishing — 0.73%
I didn’t omit anything — that’s the whole list. Yikes! There is literally nothing on the network that has any redeeming value. I’m willing to bet that any IT Admin could legitimately make the case to the business folks that access to this whole netblock should be blocked. (We put all 4096 IPs from the block in our Bad Reputation Domains category.)
Now let’s see what McAfee’s SiteAdvisor has to say about the RBN.
I pulled an active porn site from our list of sites on the RBN. SiteAdvisor gives you the green light, and even gives the thumbs up on an executable hosted on that site. I don’t know about you, but I don’t care if that exe doesn’t hit one of McAfee’s signatures … it’s hosted by the bad guys! I don’t want any of my users to be able to download it.
To illustrate a more insidious problem, I looked up a dead IP in the netblock. As expected, SiteAdvisor shows a grey question mark icon and reports that it has not reviewed this site. While that’s certainly true, it’s not particularly helpful. Personally, I would be inclined not to trust whatever showed up on that IP in the future, because, once again, it’s owned by the bad guys.
I don’t mean to pick on SiteAdvisor; I like the concept behind that service. But my point here is that assessing site reputation is much more than relying on locating infected files and mapping links. It requires a cross-discipline approach, optimally involving data from more than one security vendor or research organization. Look for that from your vendors. Ask them who they’re partnered with and don’t accept the argument that one security vendor’s core competencies are enough to secure your entire infrastructure.
»8e6labs.com/2007/10/17/site-repu···network/
Note:
Russian Business Network: Down, But Not Out
»blog.washingtonpost.com/security···own.html
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ | |
| |
DownTheShore
Maddie Knows Poopie
Premium
join:2003-12-02
Beautiful NJ
clubs:
| Re: Beware these "fake" antispyware programs Just to point out that I didn't say that Site Advisor was the only thing I relied on - I do use my brain, too. One of the rules my brain applies is that all porn sites will most likely do something nasty to my computer, so I simply stay away from them. 
I'm sure that none of these filters are perfect, especially since they just evolve by usage and reports. But they act as a good reminder to pay attention and not to automatically click on a site just because Google brings it up.
--
Life is simply one damned thing after another. | |
| | | 
MarkAW
Barry White or lil bratt
Premium
join:2001-08-27
Canada
 ·Bell Sympatico
 ·Cogeco Cable
1 edit | Re: Beware these "fake" antispyware programs said by DownTheShore :Just to point out that I didn't say that Site Advisor was the only thing I relied on - I do use my brain, too. One of the rules my brain applies is that all porn sites will most likely do something nasty to my computer, so I simply stay away from them. I'm sure that none of these filters are perfect, especially since they just evolve by usage and reports. But they act as a good reminder to pay attention and not to automatically click on a site just because Google brings it up. Well said, i totally agree with you. Being a long time member here has showed me some of the In's and outs of what to look for when it comes to bad-ware and the only reason i posted that i use (Trendprotect) was to help those who are new who use google or what ever search engine to look for help, that there are programs out there that are safe to use that will help you to avoid clicking on those links that take you to these fake antispyware programs, well that and using your head of course.
--
Advertising is legalized lying. - H.G. Wells
Pleasure in the job puts perfection in the work. - Aristotle | |
| | | |
|
