Hi forum friends,
Another issue with the aforementioned site is the “references to 1 suspicious domain found”, e.g.:
http://www.google.com/safebrowsing/diagnostic?site=www.wallpaperseek.com
In general, establishing a URL to be either suspicious or malicious comes into various categories.
- Sites with a good web rep and generally being well-hosted became victims because of security holes, unpatched software and bad security procedures. These sites can be cleansed or the malware can be taken down to no longer respond.
- Second category is the bad sites being maintained by the baddies. These should be blocked continuously and blacklisted. Also known as malicious sites out on the so-called “Eternal List”.
- Those that evade detection and are always complying and after being closed down or taken down take up shop somewhere else and migrate to further spawn their ever changing malcode (criminal bot sites, fraudulent sites etc.)
- Others that were specially set up to go under the radar and undetected (semi-official, official, black hat).
Some av solutions are better with blacklisting and actuality of blacklisting status than others. For instance Bitdefender is better than ParetoLogic, that is always running behind the facts. DrWeb flags results that others cannot find. Some av is better at heuristic scanning. Some are particularly good at scanning malscript like malicious JS (avast, sucuri, jsunpack).
The user now also knows why malware domain host listings cannot be trusted to be actually representing the situation or status of that particular URL. Actual scanning and going to the code on an individual basis sometimes is the only way out to establish the sites’ definite status,
polonus
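
As an added example (not part of polonus's post): one way to "go to the code" is to list every third-party host a page loads automatically and check each against a local blocklist, so a stale listing is only one signal among the references you can inspect yourself. The page host, sample HTML, blocklist entry and function names are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page for a hypothetical site www.example.test.
SAMPLE_HTML = """
<html><head>
<script src="/js/site.js"></script>
<script src="http://cdn.example.net/lib.js"></script>
</head><body>
<a href="http://partner.example.org/">partner</a>
<iframe src="http://stats.bad-example.invalid/c.php" width="0" height="0"></iframe>
<img src="//img.example.net/logo.png">
</body></html>
"""

# Constructed local blocklist; a real one would come from a feed you trust.
BLOCKLIST = {"bad-example.invalid"}

# Tags whose URL attribute makes the browser fetch content without a click.
LOADING_ATTRS = {"script": "src", "iframe": "src", "img": "src",
                 "embed": "src", "object": "data", "link": "href"}


class RefCollector(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.refs = []  # (tag, host) for every third-party load, in page order

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(LOADING_ATTRS.get(tag, ""))
        if not url:
            return
        # Relative URLs have no hostname; scheme-relative (//host/...) ones do.
        host = (urlparse(url).hostname or "").lower()
        if host and host != self.page_host:
            self.refs.append((tag, host))


def on_blocklist(host, blocklist):
    # Match the host itself or any parent domain, never a partial label.
    parts = host.split(".")
    return any(".".join(parts[i:]) in blocklist for i in range(len(parts)))


def audit(html, page_host, blocklist):
    collector = RefCollector(page_host)
    collector.feed(html)
    return [(t, h, on_blocklist(h, blocklist)) for t, h in collector.refs]
```

Hosts that come back unlisted still deserve a look at what they serve; the listing only tells you what the blocklist knew at the time.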