'Poisoned' Google Search Results Produce Malware

TICTestBox · **Posted:** Wed Nov 28, 2007 12:02 am

Do you trust Google searches? I know I do. Altho I also know what to look for when doing searches for anything.

Last Friday afternoon late, Jr. wanted some Power Ranger coloring pages. Nothing odd, done it about a 100 times in the last few years give or take and printed about 1 million pages for him to color, feels that way at least.

Search I used and results:
http://www.google.com/search?q=power+ra ... f8&oe=utf8

But I noticed right off the bat that most all of the results were from .cn domains, China....huge red flag for me.

As I was on my primary box, I immediately moved over to test box\Sandboxie and began to click.

First link, POW! Prompt for a coded install, site here:
qzrtxrwiuemm.cn/819.html

I then went thru a couple of page results and had two other sites pushed Spy Shredder on me:
vhzxps.in/hr
hxxp://knygxl.in/an

I stopped after a bit, as most seemed to deliver me to a search engine:
hxxp://www.lookuplive.com/

And that page required two clicks of the back button to get back to results page.

Mind you this wasn't any sort of 'misspelled search' either. I typed what I wanted to see.

As the infection showed up in HJT:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8888;https=127.0.0.1:8888;

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: MSVPS System - {A4D00A75-F69A-49FD-9058-AB925712CCFF} - C:\WINDOWS\popnetkqw.dll

O3 - Toolbar: The jokwmp - {AB9235F6-DB9F-4FDC-AAFB-A3BAF1849E34} - C:\WINDOWS\jokwmp.dll

O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe

O21 - SSODL: E404Helper - {a305ecda-5cd1-4e09-9232-cda4e954a297} - e404d.dll (file missing)

O21 - SSODL: rmvgor - {1E0A7717-1CB7-45F2-8216-4E972BBC31F4} - C:\WINDOWS\rmvgor.dll

O21 - SSODL: sapnet - {51C0F601-D985-4174-9BE6-2D99188D6CBE} - C:\WINDOWS\sapnet.dll

Files collected and scanned:

Code:

File ttvbongfl.exe received on 11.25.2007 18:51:16 (CET)
Additional information 
File size: 143360 bytes 
MD5: f8c54b5916b704b0d6c9bb36b5d62cfc 
SHA1: 75b33842e81c2e4ac147d28d45f5536b5ad4179e 


Result: 5/32 (15.63%)

AVG 7.5.0.503 2007.11.25 Downloader.Zlob.NE 
CAT-QuickHeal 9.00 2007.11.24 TrojanDownloader.Zlob.ejq 
Ikarus T3.1.1.12 2007.11.25 Trojan-Downloader.Win32.Zlob.egn 
Kaspersky 7.0.0.125 2007.11.25 Trojan-Downloader.Win32.Zlob.ena 
Microsoft 1.3007 2007.11.25 TrojanDownloader:Win32/Zlob.gen!W 

==============================

File gormet.dll received on 11.25.2007 18:55:50 (CET)
Additional information 
File size: 348160 bytes 
MD5: 04d4a3d6467a8241cd2d7c7ee1fac7f2 
SHA1: 1b5d4ea3b735c331211f98711a0033f34bb800e8 

Result: 5/32 (15.63%)

AntiVir 7.6.0.34 2007.11.23 TR/Zlob.Dll 
Avast 4.7.1074.0 2007.11.23 Win32:Agent-LTS 
AVG 7.5.0.503 2007.11.25 Downloader.Zlob.OC 
Ikarus T3.1.1.12 2007.11.25 Virus.Win32.Agent.LTS 
Webwasher-Gateway 6.0.1 2007.11.25 Trojan.Zlob.Dll 

=========================

File packer.exe received on 11.25.2007 19:01:07 (CET)
File size: 127488 bytes 
MD5: 654bddd78f9c5d3b570b551e5f3caf5d 
SHA1: 73aa37e4e4097ab7d67d97d90c3c889ae2d30e6b 
packers: UPX 
packers: embedded, UPX 
packers: PE_Patch.UPX, UPX 


Result: 4/32 (12.5%)

AntiVir 7.6.0.34 2007.11.23 TR/Delphi.Downloader.Gen 
CAT-QuickHeal 9.00 2007.11.24 (Suspicious) - DNAScan 
DrWeb 4.44.0.09170 2007.11.25 Trojan.AVKill.origin 
Webwasher-Gateway 6.0.1 2007.11.25 Trojan.Delphi.Downloader.Gen 

=======================

File pmkret.dll received on 11.25.2007 19:02:41 (CET)
File size: 283648 bytes 
MD5: c68b4565fdfd9e26c7f460d489c1b21f 
SHA1: 140dc8b2f0a264ebd38a6dde3c306e58cea6e34e 

Result: 2/32 (6.25%)

Ikarus T3.1.1.12 2007.11.25 not-a-virus:AdWare.Win32.Agent.bn 
Norman 5.80.02 2007.11.23 Agent.CUUF 

=====================

File monhop.exe 
File size: 151552 bytes 
MD5: 8e195848bb2756a7c10e6c2b1f416458 
SHA1: 017e2d13f75634a9b932650dca274963595662e2 

Result: 2/32 (6.25%)

AVG 7.5.0.503 2007.11.25 Downloader.Zlob.NA 
BitDefender 7.2 2007.11.25 Adware.NetAdware.BY 

Since I found these sites, and posted at one of the 'back rooms' where many of the big malware vendors have access, Sunbelt Software, makers of CounterSpy have had a couple of detailed write ups here and here.

Too bad I'm not a well oiled research machine as these guys are(not to mention I was nursing a severely pulled calf muscle, had to keep it elevated and stay off it), I may have made a splash had I written this up sooner, especially now that mainstream media sites are picking it up left and right.

And so it goes.

Lesson learned here folks:
Don't just blindly click links, as much as we all want to trust Google, they can't be relied on to catch everything.

TeMerc · **Posted:** Wed Nov 28, 2007 10:20 am

Well it looks like Google has rectified the 'poisoning' that as it turns out, was specifically aimed at Google.

See more here @ Sunbelt Blog

JeanInMontana · **Posted:** Wed Nov 28, 2007 10:43 am

Well I know you have been on this topic for MONTHS since way last summer you have been hunting down bad blogs on Google and getting them shut down.

TeMerc · **Posted:** Wed Nov 28, 2007 11:14 am

JeanInMontana wrote:

Well I know you have been on this topic for MONTHS since way last summer you have been hunting down bad blogs on Google and getting them shut down.

Yeah it would be nice if Google fixed the splog farms too, but this was a different sort of thing. And much more likely to infect alot more users, seeing as so many people use Google search.

I'm just glad I found the tip of the iceberg and the proper authorities were informed and it's been fixed. I'm doing some searches of my own as we speak.

TICTestBox · **Posted:** Wed Nov 28, 2007 11:35 am

And in case anyone is interested, you can block all of Chinas IP addresses, of which I retrieved from IP Address Location.org

Quote:

Have you ever wondered "what is my IP address"?
Or thought about IP block addresses that belong to a specific country?

Maybe you are Looking for IP Address Locations or simple try to find easy way and learn more about protocols and TCP IP?
Have you ever used a web-based IP address lookup tool to find the geographical location of an IP address?
Maybe you are looking for an IP address location or you simply wish to learn more about how networking protocols, like UDP and TCP/IP, work?

We can help with all of this and more.

Using IP Address Location is free. It is the fastest, easiest and most precise way to search and find the exact location of any IP address, OS, DNS, country, country code and contry flag. Furthermore, we have integrated Geolocator and a world map to display your results by city and country. Our IP database is updated every 48 hours so you can be sure the information we provide is up to date.

Our web based IP Lookup tool has analyzed your IP address and and detected next informations about your computer

But I'm sure there is a better way to narrow down this list.....Steven??

Code:

14.0.0 58.25.255.255
30.0.0 58.63.255.255
66.0.0 58.67.255.255
68.128.0 58.68.255.255
82.0.0 58.83.255.255
87.64.0 58.87.127.255
99.128.0 58.101.255.255
116.0.0 58.119.255.255
128.0.0 58.135.255.255
144.0.0 58.144.255.255
154.0.0 58.155.255.255
192.0.0 58.223.255.255
240.0.0 58.255.255.255
32.0.0 59.83.255.255
107.0.0 59.111.255.255
151.0.0 59.151.127.255
155.0.0 59.155.255.255
172.0.0 59.175.255.255
191.0.0 59.191.127.255
191.240.0 60.31.255.255
55.0.0 60.55.255.255
63.0.0 60.63.255.255
160.0.0 60.191.255.255
194.0.0 60.195.255.255
200.0.0 60.223.255.255
232.0.0 60.233.255.255
235.0.0 60.235.255.255
245.128.0 60.245.255.255
247.0.0 60.247.255.255
252.0.0 60.252.255.255
253.128.0 60.253.255.255
255.0.0 60.255.255.255
4.80.0 61.4.95.255
4.176.0 61.4.191.255
8.160.0 61.8.175.255
14.29.8 61.14.29.15
14.29.80 61.14.29.95
28.0.0 61.28.127.255
29.128.0 61.29.255.255
45.128.0 61.45.191.255
47.128.0 61.47.191.255
48.0.0 61.55.255.255
87.192.0 61.87.255.255
128.0.0 61.161.83.67
161.83.69 61.161.155.55
161.155.64 61.191.255.255
216.99.204 61.216.99.207
232.0.0 61.237.255.255
240.0.0 61.243.255.255
159.35.80 62.159.35.95
159.104.192 62.159.104.199
150.129.120 63.150.129.127
162.142.0 63.162.142.255
167.100.192 63.167.100.207
246.132.30 63.246.132.39
246.133.120 63.246.133.127
246.155.184 63.246.155.193
6.231.128 64.6.231.191
34.99.176 64.34.99.191
34.234.0 64.34.234.255
34.250.0 64.34.250.15
49.203.240 64.49.203.247
62.206.224 64.62.206.255
62.238.0 64.62.238.255
62.255.0 64.62.255.255
71.151.96 64.71.151.127
71.172.0 64.71.172.255
127.103.0 64.127.103.7
224.124.225 64.224.124.238
19.134.112 65.19.134.119
19.135.0 65.19.135.255
19.152.0 65.19.152.255
19.188.0 65.19.188.255
110.57.90 65.110.57.99
96.205.205 66.96.205.224
111.53.200 66.111.53.209
118.176.120 66.118.176.127
160.130.0 66.160.130.255
160.162.0 66.160.162.255
95.65.112 69.95.65.119
95.96.0 69.95.96.7
3.166.136 72.3.166.143
32.164.88 72.32.164.95
55.149.64 72.55.149.71
126.237.0 75.126.237.7
146.214.32 80.146.214.39
233.200.160 85.233.200.191
193.40.0 91.193.43.255
196.232.0 91.196.235.255
1.0.0 116.11.255.255
13.0.0 116.13.255.255
16.0.0 116.31.255.255
52.0.0 116.57.255.255
58.128.0 116.58.143.255
58.208.0 116.58.223.255
60.0.0 116.63.255.255
66.0.0 116.66.127.255
69.0.0 116.70.127.255
76.0.0 116.79.255.255
89.144.0 116.89.159.255
90.184.0 116.90.191.255
95.0.0 116.95.255.255
112.0.0 116.117.255.255
128.0.0 116.192.255.255
193.16.0 116.193.63.255
194.0.0 116.196.255.255
198.0.0 116.199.159.255
204.0.0 116.205.255.255
207.0.0 116.211.255.255
212.115.0 116.212.115.255
212.160.0 116.212.175.255
213.64.0 116.213.255.255
214.32.0 116.214.79.255
214.128.0 116.219.255.255
224.0.0 116.239.255.255
242.0.0 116.249.255.255
252.0.0 116.253.255.255
254.128.0 116.254.255.255
255.128.0 116.255.255.255
8.0.0 117.15.255.255
21.0.0 117.45.255.255
48.0.0 117.51.255.255
53.48.0 117.53.63.255
53.176.0 117.53.191.255
57.0.0 117.58.127.255
59.0.0 117.73.255.255
74.64.0 117.74.79.255
74.128.0 117.95.255.255
100.0.0 117.101.255.255
103.16.0 117.103.31.255
103.128.0 117.103.143.255
106.0.0 117.107.255.255
112.0.0 117.119.255.255
120.64.0 117.121.199.255
122.128.0 117.122.255.255
124.0.0 117.191.255.255
24.0.0 118.31.255.255
64.0.0 118.66.255.255
67.112.0 118.67.127.255
72.0.0 118.81.255.255
84.0.0 118.85.255.255
88.32.0 118.89.255.255
91.240.0 118.91.255.255
102.16.0 118.102.31.255
103.240.0 118.103.247.255
112.0.0 118.126.255.255
132.0.0 118.135.255.255
144.0.0 118.147.255.255
178.0.0 118.178.255.255
180.0.0 118.207.255.255
212.0.0 118.213.255.255
0.16.0 121.0.31.255
4.0.0 121.5.255.255
8.0.0 121.43.255.255
46.0.0 121.49.255.255
51.0.0 121.51.255.255
55.0.0 121.55.63.255
56.0.0 121.63.163.143
63.163.152 121.63.163.155
63.163.160 121.63.255.255
68.0.0 121.71.255.255
76.0.0 121.77.255.255
89.0.0 121.89.255.255
100.128.0 121.100.255.255
192.0.0 121.199.255.255
201.0.0 121.201.255.255
204.0.0 121.207.255.255
224.0.0 121.239.255.255
248.0.0 121.251.255.255
255.0.0 121.255.255.255
0.64.0 122.0.255.255
4.0.0 122.15.255.255
48.0.0 122.49.63.255
51.0.0 122.51.255.255
64.0.0 122.97.255.255
102.0.0 122.102.15.255
102.64.0 122.102.95.255
112.0.0 122.115.255.255
119.0.0 122.119.255.255
136.0.0 122.143.255.255
144.128.0 122.144.255.255
152.192.0 122.152.255.255
156.0.0 122.159.255.255
192.0.0 122.195.255.255
198.0.0 122.198.255.255
200.64.0 122.200.127.255
204.0.0 122.207.255.255
224.0.0 122.247.255.255
248.48.0 122.248.63.255
0.128.0 123.0.191.255
4.0.0 123.15.255.255
49.128.0 123.49.255.255
52.0.0 123.98.127.255
99.128.0 123.100.31.255
100.232.0 123.100.232.255
101.0.0 123.101.255.255
103.0.0 123.103.127.255
108.128.0 123.108.143.255
108.208.0 123.108.223.255
112.0.0 123.135.255.255
136.80.0 123.136.95.255
137.0.0 123.139.255.255
144.0.0 123.175.255.255
176.80.0 123.176.95.255
177.0.0 123.191.255.255
196.0.0 123.197.255.255
199.128.0 123.199.255.255
206.0.0 123.207.255.255
232.0.0 123.235.255.255
242.0.0 123.242.127.255
244.0.0 123.247.255.255
249.0.0 123.249.255.255
253.0.0 123.253.255.255
6.64.0 124.6.127.255
14.0.0 124.17.255.255
20.0.0 124.23.255.255
28.192.0 124.29.127.255
31.0.0 124.31.255.255
40.112.0 124.40.191.255
42.0.0 124.42.255.255
47.0.0 124.47.63.255
64.0.0 124.66.127.255
67.0.0 124.79.255.255
88.0.0 124.95.255.255
108.8.0 124.108.15.255
108.40.0 124.108.47.255
112.0.0 124.119.255.255
126.0.0 124.135.255.255
147.128.0 124.147.255.255
156.0.0 124.156.255.255
160.0.0 124.167.255.255
172.0.0 124.175.255.255
192.0.0 124.193.255.255
196.0.0 124.196.255.255
200.0.0 124.207.255.255
220.0.0 124.240.127.255
242.0.0 124.242.255.255
243.192.0 124.243.255.255
248.0.0 124.251.255.255
254.0.0 124.254.63.255
31.192.0 125.47.255.255
58.128.0 125.58.255.255
62.0.0 125.62.63.255
64.0.0 125.98.255.255
104.0.0 125.127.255.255
169.0.0 125.169.255.255
171.0.0 125.171.255.255
208.0.0 125.208.63.255
210.0.0 125.211.255.255
213.0.0 125.213.127.255
215.0.0 125.215.63.255
216.0.0 125.223.255.255
254.128.0 125.254.255.255
196.0.0 134.196.255.255
243.224.0 147.243.255.255
226.0.0 159.226.255.255
58.177.232 161.58.177.232
58.187.144 161.58.187.147
207.0.0 161.207.255.255
105.0.0 162.105.255.255
111.0.0 166.111.255.255
139.0.0 167.139.255.255
160.0.0 168.160.255.255
83.122.0 192.83.122.255
124.154.0 192.124.154.255
137.31.0 192.137.31.255
188.170.0 192.188.170.255
220.112.0 193.220.112.255
110.69.0 194.110.69.255
117.101.45 194.117.101.45
117.101.55 194.117.101.55
117.103.43 194.117.103.43
117.103.58 194.117.103.58
117.103.78 194.117.103.79
117.103.120 194.117.103.120
117.103.123 194.117.103.123
117.103.150 194.117.103.150
117.103.154 194.117.103.155
117.103.181 194.117.103.181
117.103.189 194.117.103.189
117.103.195 194.117.103.195
117.103.206 194.117.103.206
117.103.215 194.117.103.215
117.103.218 194.117.103.219
117.103.230 194.117.103.230
117.119.101 194.117.119.101
112.167.20 195.112.167.23
112.167.56 195.112.167.59
112.167.84 195.112.167.87
112.167.156 195.112.167.163
112.177.20 195.112.177.23
112.177.32 195.112.177.35
112.177.124 195.112.177.127
112.191.12 195.112.191.12
17.7.0 198.17.7.255
3.210.0 199.3.210.127
0.110.0 202.0.110.255
2.144.64 202.2.144.127
4.128.0 202.4.159.255
4.252.0 202.4.255.255
8.128.0 202.8.159.255
10.64.0 202.10.79.255
14.88.0 202.14.88.255
14.235.0 202.14.238.255
20.120.0 202.20.120.255
22.248.0 202.22.255.255
38.0.0 202.38.15.255
38.64.0 202.38.143.255
38.146.0 202.38.147.255
38.149.0 202.38.150.255
38.152.0 202.38.156.255
38.158.0 202.38.161.255
38.164.0 202.38.177.255
38.184.0 202.38.255.255
41.142.0 202.41.142.255
41.152.0 202.41.159.255
41.240.0 202.41.255.255
43.144.0 202.43.159.255
46.32.0 202.46.63.255
46.224.0 202.46.239.255
60.112.0 202.60.127.255
63.248.0 202.63.251.255
69.4.0 202.69.7.255
69.16.0 202.69.31.255
70.0.0 202.70.31.255
70.161.0 202.70.175.255
74.8.0 202.74.15.255
75.208.0 202.75.223.255
77.170.48 202.77.170.63
85.208.0 202.85.223.255
89.21.0 202.89.21.255
90.0.0 202.90.3.255
90.224.0 202.90.239.255
90.252.0 202.91.3.255
91.128.0 202.91.131.255
91.176.0 202.91.191.255
91.224.0 202.92.3.255
92.252.0 202.93.3.255
93.252.0 202.94.31.255
95.0.0 202.95.31.255
95.252.0 202.120.24.223
120.25.0 202.122.7.255
122.32.0 202.122.39.255
122.64.0 202.122.95.255
122.112.0 202.122.119.255
122.128.0 202.122.128.255
123.96.0 202.123.111.255
124.24.0 202.124.27.255
125.176.0 202.125.191.255
127.0.0 202.127.7.255
127.12.0 202.127.31.255
127.40.0 202.127.63.255
127.112.0 202.127.167.255
127.192.0 202.127.255.255
130.0.0 202.130.31.255
130.224.0 202.130.255.255
131.16.0 202.131.23.255
131.48.0 202.131.63.255
131.208.0 202.131.223.255
136.48.0 202.136.63.255
136.208.0 202.136.239.255
141.160.0 202.141.191.255
142.16.0 202.142.31.255
143.16.0 202.143.31.255
148.96.0 202.148.127.255
149.160.0 202.149.191.255
149.224.0 202.149.255.255
150.16.0 202.150.31.255
152.176.0 202.152.191.255
153.48.0 202.153.63.255
158.160.0 202.158.191.255
160.176.0 202.160.191.255
164.0.0 202.164.15.255
165.96.0 202.165.111.255
165.176.0 202.165.191.255
165.208.0 202.165.223.255
168.160.0 202.168.191.255
170.128.0 202.170.159.255
170.216.0 202.170.223.255
173.8.0 202.173.15.255
173.224.0 202.173.255.255
176.224.0 202.176.255.255
179.240.0 202.179.255.255
180.128.0 202.180.159.255
181.112.0 202.181.127.255
189.80.0 202.189.95.255
192.0.0 202.192.241.255
192.243.0 202.207.255.255
18.50.0 203.18.50.255
79.0.0 203.79.15.255
80.144.0 203.80.159.255
81.16.0 203.81.31.255
83.56.0 203.83.63.255
86.0.0 203.86.95.255
88.32.0 203.88.63.255
88.192.0 203.88.223.255
89.0.0 203.89.3.255
90.0.0 203.90.3.255
90.128.0 203.90.223.255
91.32.0 203.91.63.255
91.96.0 203.91.111.255
91.120.0 203.91.127.255
92.0.0 203.92.3.255
92.160.0 203.92.191.255
93.0.0 203.94.31.255
95.0.0 203.95.7.255
95.96.0 203.95.127.255
98.201.0 203.98.201.255
98.205.32 203.98.205.47
98.205.168 203.98.205.175
98.207.0 203.98.207.7
98.207.80 203.98.207.111
98.209.128 203.98.209.191
98.210.0 203.98.210.15
98.210.96 203.98.210.103
98.213.24 203.98.213.31
98.213.176 203.98.213.183
99.16.0 203.99.31.255
99.80.0 203.99.95.255
100.32.0 203.100.47.255
100.80.0 203.100.127.255
100.192.0 203.100.207.255
110.160.0 203.110.191.255
118.192.0 203.118.223.255
119.24.0 203.119.35.255
128.32.0 203.128.63.255
128.96.0 203.128.127.255
130.32.0 203.130.63.255
132.32.0 203.132.63.255
134.240.0 203.134.247.255
135.96.0 203.135.127.255
135.160.0 203.135.175.255
142.12.0 203.142.13.255
148.0.0 203.148.63.255
152.64.0 203.152.95.255
156.192.0 203.156.255.255
158.16.0 203.158.23.255
161.192.0 203.161.223.255
166.160.0 203.166.191.255
171.224.0 203.171.239.255
174.7.0 203.174.7.255
174.96.0 203.174.127.255
175.128.0 203.175.159.255
175.192.0 203.175.255.255
176.168.0 203.176.175.255
184.80.0 203.184.95.255
187.160.0 203.187.191.255
190.96.0 203.190.111.255
191.16.0 203.191.31.255
191.64.0 203.191.127.255
191.144.0 203.191.159.255
192.0.0 203.192.31.255
194.139.159 203.194.139.190
196.0.0 203.196.7.255
207.64.0 203.208.19.255
208.32.0 203.208.63.255
209.224.0 203.209.255.255
212.0.0 203.212.15.255
212.80.0 203.212.95.255
222.44.168 203.222.44.175
222.166.96 203.222.166.103
222.166.192 203.222.166.255
222.167.56 203.222.167.63
222.167.128 203.222.167.143
222.174.200 203.222.174.207
222.176.244 203.222.177.71
222.177.104 203.222.177.111
222.177.192 203.222.177.255
222.182.96 203.222.182.111
222.182.144 203.222.182.159
222.187.176 203.222.187.183
73.60.96 206.73.60.127
73.91.32 206.73.91.95
73.195.64 206.73.195.95
73.210.96 206.73.210.127
73.227.64 206.73.227.127
73.246.32 206.73.246.47
168.117.160 206.168.117.175
182.199.208 206.182.199.215
182.200.128 206.182.200.191
182.221.112 206.182.221.127
182.221.192 206.182.221.255
222.2.184 206.222.2.191
222.7.216 206.222.7.223
117.165.0 207.117.165.255
150.160.30 207.150.160.39
150.169.200 207.150.169.209
209.206.128 207.209.206.255
18.90.0 208.18.90.255
50.243.8 209.50.243.15
51.198.144 209.51.198.151
51.209.64 209.51.209.71
51.221.40 209.51.221.47
93.110.0 209.93.110.127
93.112.128 209.93.112.255
93.114.128 209.93.114.191
93.178.0 209.93.178.160
93.184.192 209.93.184.255
93.189.0 209.93.191.255
93.194.64 209.93.194.127
93.236.104 209.93.236.111
93.238.128 209.93.238.255
93.240.128 209.93.240.255
2.0.0 210.2.31.255
5.0.0 210.5.31.255
5.144.0 210.5.159.255
12.0.0 210.13.255.255
14.64.0 210.14.95.255
14.112.0 210.15.191.255
16.128.0 210.16.191.255
21.0.0 210.22.255.255
23.32.0 210.23.63.255
25.0.0 210.31.210.3
31.210.8 210.47.255.255
51.0.0 210.53.255.255
56.192.0 210.56.223.255
72.0.0 210.78.255.255
79.64.0 210.79.127.255
79.224.0 210.79.255.255
82.0.0 210.83.255.255
87.128.0 210.87.191.255
185.192.0 210.185.255.255
192.96.0 210.192.127.255
64.0.0 211.71.255.255
80.0.0 211.103.255.255
136.0.0 211.167.255.255
63.181.28 212.63.181.31
63.181.40 212.63.181.47
63.181.76 212.63.181.79
63.181.140 212.63.181.143
63.181.180 212.63.181.187
63.181.200 212.63.181.203
63.181.224 212.63.181.227
63.183.4 212.63.183.4
63.183.9 212.63.183.10
63.183.15 212.63.183.15
63.183.19 212.63.183.19
63.183.23 212.63.183.23
63.183.28 212.63.183.28
63.183.58 212.63.183.58
63.183.62 212.63.183.62
63.183.64 212.63.183.64
63.183.68 212.63.183.68
63.183.212 212.63.183.219
63.183.228 212.63.183.231
184.11.112 212.184.11.119
94.105.0 216.94.105.255
94.116.128 216.94.116.255
110.34.96 216.110.34.103
139.183.80 216.139.183.87
158.143.65 216.158.143.128
158.147.1 216.158.147.255
179.192.0 216.179.199.255
195.41.0 216.195.41.255
198.215.32 216.198.215.63
218.168.16 216.218.168.31
8.101.0 217.8.101.255
243.166.64 217.243.166.71
244.15.128 217.244.15.191
0.0.0 218.31.255.255
56.0.0 218.99.255.255
104.0.0 218.109.255.255
185.192.0 218.185.223.255
192.0.0 218.207.255.255
240.0.0 218.247.255.255
249.0.0 218.249.255.255
72.0.0 219.72.255.255
82.0.0 219.82.255.255
128.0.0 219.159.255.255
216.0.0 219.239.255.255
242.0.0 219.247.255.255
101.192.0 220.101.255.255
112.0.0 220.115.255.255
152.128.0 220.152.255.255
154.0.0 220.155.255.255
160.0.0 220.207.255.255
231.0.0 220.231.63.255
231.128.0 220.231.255.255
232.64.0 220.232.127.255
234.0.0 220.234.255.255
242.0.0 220.243.255.255
248.0.0 220.252.255.255
0.0.0 221.12.191.255
13.0.0 221.15.255.255
122.0.0 221.123.255.255
129.0.0 221.131.255.255
133.224.0 221.133.255.255
136.0.0 221.137.255.255
172.0.0 221.183.255.255
192.0.0 221.199.207.255
199.224.0 221.239.255.255
16.0.0 222.95.255.255
125.0.0 222.125.255.255
126.128.0 222.126.255.255
128.0.0 222.143.255.255
160.0.0 222.163.255.255
168.0.0 222.223.255.255
240.0.0 222.249.255.255

MysteryFCM · **Posted:** Wed Nov 28, 2007 4:20 pm

As I mentioned in the IM, you could convert the IP ranges into CIDR ranges, which would considerably shorten the list ....... but it would take a bit of time to do such.

You can do such using;

http://jodies.de/ipcalc

/edit

or ....

http://ip2cidr.com/
http://www.kgsoft.com/products/iprange2cidr/

TeMerc · **Posted:** Thu Nov 29, 2007 11:07 am

Looks like the RBN gang have just upped the ante on Google 'poisoning'.

Sunbelt has discovered a new campaign, with two different 'groups'.

Quote:

...we’re seeing indications that another attack may be on the way. We have seen another spate of websites freshly registered, using the similar .cn domains. There seem to be two different groups here.

Sunbelt Blog

TeMerc · **Posted:** Fri Nov 30, 2007 8:16 am

Sandi Hardmeier has an excellent write up about Googles attemtpt to try to get regular users to report malicious sites.

Her analogy:

Quote:

If Google wants to fight the bad guys one site at a time, then all power to them .. I sure as hell hope they have a hell of a lot of manpower behind them - they're gonna need it. Consider the analogy of the elephant and the ant. The elephant is massive - the ant is miniscule, but the elephant is one, and the ants are millions. A swarm of ants can overwhelm anything if they put their minds to it,even the elephant. Now replace "elephant" with "Google" and "malicious web sites" with "ants". I think you see my point.

Spyware Sucks blog

'Poisoned' Google Search Results Produce Malware

Who is online

Who is online

Who is online
	In total there is 1 user online :: 0 registered, 0 hidden and 1 guest (based on users active over the past 5 minutes) Most users ever online was 115 on Tue Jul 13, 2010 5:32 pm Users browsing this forum: No registered users and 1 guest