Blog
Previous Posts
January 2007| 01/26/2007 | Company Information Leakage and Web Search » |
| 01/23/2007 | What's In A Link » |
| 01/12/2007 | New MySpace Phish using CSS. » |
| 01/04/2007 | Multi-hack...defaced site hosting Phish. » |
| 01/02/2007 | MOTW: "Skype" Trojan Analysis » |
+ December 2006
+ November 2006
+ October 2006
+ September 2006
+ August 2006
We are not the only ones who follow these practices. Results from search engines, such as Google, are heavily influenced by which sites have linked to the search result. Other web security vendors, such as McAfee's SiteAdvisor, base their decisions in part by which sites link to each other. Unfortunately, we are increasingly discovering that just because a reputable site links to another site, it does not necessarily mean that the link can be trusted.
Earlier today, one of our miners detected a perfect example of this when potentially malicious material was discovered on a website. This website might have automatically been classified as malicious; however, several reputable websites - including Microsoft.com - linked to the website.
Further investigation revealed that the domain name at one time belonged to a legitimate company. However, their domain registration expired and a nefarious individual quickly snapped up the domain. It gave us a friendly reminder that we cannot always trust a website on the Internet, no matter who vouches for them.
Microsoft Security Bulletin (from 2001):
Hijacked Website:
