Infected Website Questions

Silly Me

I was looking up information on some medication I take and was redirected
to gbdgi.ru.invalid, which triggered a Norton AV alert for the Trojan
ByteVerify in temporary memory. I have added the .invalid suffix to keep
people from inadvertently going to that site.

Is there a place where they track infected websites? Is there an
organization that forces these sites to clean-up or shut down?

I have added this url to my hosts file, but would like to block all .ru
urls. Does anyone know how to block all Russian websites? I'm using WinXP
Home, Norton Personal Firewall, Firefox browser, Spybot S&D, Ad-Aware,
SpywareBlaster, and WinPatrol.
 

P. Thompson

> I was looking up information on some medication I take and was redirected
> to gbdgi.ru.invalid, which triggered a Norton AV alert for the Trojan
> ByteVerify in temporary memory. I have added the .invalid suffix to keep
> people from inadvertently going to that site.
>
> Is there a place where they track infected websites? Is there an
> organization that forces these sites to clean-up or shut down?

Basically, if I find an infected web site I email its support or abuse
addresses and those of its upstream provider found via traceroute.
In the US/W Europe this seems to get quick results. Russia/et al your
mileage may vary.

There is no central big brother keeping track of this...
> I have added this url to my hosts file, but would like to block all .ru
> urls. Does anyone know how to block all Russian websites? I'm using WinXP
> Home, Norton Personal Firewall, Firefox browser, Spybot S&D, Ad-Aware,
> SpywareBlaster, and WinPatrol.

The problem is that Russian web sites can easily get non .ru addresses and
.ru addresses can be hosted elsewhere from Russia.

Take for instance hxxp://iframedollars.biz/dl/adv433/x.chm (213.159.117.203)
which distributed the Win32/Dkbits/Variant virus.
This is a .biz domain hosted by linkey.ru

Linkey, incidentally, also hosted

hxxp://213.159.98.203/ads/banners/inv.chm
distributed the CHM/Klid.A.Trojan

hxxp://213.159.117.203/dl/loadadv479.exe
distributed the Win32/Dkbits.Variant virus.

The real question is why don't the virus software makers engineer into
their software the ability to look through Internet Extorter
Content.IE5/index.dat files which would allow one to determine the source
of the infection quickly and easily.

I believe the answer is that it would dry up their revenue stream too
quickly if more people had the ability to hold internet providers
responsible for the content they distribute.
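The point made above (a .ru name rule misses the .biz domain and the bare-IP URLs on the same host, and a hosts file cannot express a TLD rule at all) is easy to check mechanically. The following Python is an added example, not code from the thread or from any of the tools mentioned. It uses the three URLs from the reply (the hxxp: defanging written back as http: so the URL parser accepts them), the IP 213.159.117.203 given there for iframedollars.biz, and two assumptions labelled in the comments: the provider netblock 213.159.96.0/19 is hypothetical (in practice you take it from the whois/traceroute lookup on the hosting IP), and hypothetical-shop.ru at 198.51.100.7 is a made-up .ru name served from outside Russia.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: (url, ip the host resolved to). The first three are the
# thread's own examples; the IP for iframedollars.biz is the one given there.
# The last entry is hypothetical: a .ru name served from a documentation-range
# address, i.e. "hosted elsewhere from Russia".
SAMPLE = [
    ("http://iframedollars.biz/dl/adv433/x.chm", "213.159.117.203"),
    ("http://213.159.98.203/ads/banners/inv.chm", "213.159.98.203"),
    ("http://213.159.117.203/dl/loadadv479.exe", "213.159.117.203"),
    ("http://hypothetical-shop.ru/index.html", "198.51.100.7"),
]

# Hypothetical provider netblock covering both 213.159.98.x and 213.159.117.x.
# Real value comes from whois on the hosting IP, never from the domain name.
PROVIDER_NETS = [ipaddress.ip_network("213.159.96.0/19")]


def hostname(url):
    return urlsplit(url).hostname or ""


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def blocked_by_tld(url, tld=".ru"):
    """Name-suffix rule: what 'block all .ru' would express. Bare-IP URLs
    have no name to match, so they always slip past this rule."""
    host = hostname(url)
    return (not is_ip_literal(host)) and host.endswith(tld)


def blocked_by_netblock(ip, nets=PROVIDER_NETS):
    """Address rule: matches the hosting provider regardless of the domain
    (.biz, .ru or none) that points at it."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def hosts_file_entries(urls):
    """Lines for a hosts file. It matches exact hostnames only: no wildcard
    for a whole TLD, and nothing at all for URLs that use a raw IP."""
    seen = []
    for url in urls:
        host = hostname(url)
        if host and not is_ip_literal(host) and host not in seen:
            seen.append(host)
    return ["127.0.0.1 " + h for h in seen]


def evaluate(sample=SAMPLE):
    """url -> (caught by .ru rule, caught by provider netblock rule)."""
    return {url: (blocked_by_tld(url), blocked_by_netblock(ip)) for url, ip in sample}


if __name__ == "__main__":
    for url, (by_tld, by_net) in evaluate().items():
        print(f"{url}\n  .ru rule: {by_tld}   provider netblock: {by_net}")
    print("hosts file can only carry:")
    print("\n".join(hosts_file_entries([u for u, _ in SAMPLE])))
```

Run it and the .ru rule catches only the made-up hypothetical-shop.ru entry, which the netblock rule (correctly) ignores, while all three real URLs from the thread are caught by the netblock rule and none by the TLD rule. The hosts file output has two lines, neither of which covers the two bare-IP downloads; blocking by address or netblock has to happen in the firewall, not in hosts.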
 

Anonymous

Very informative, thank you.
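P. Thompson's point that the browser cache index (Content.IE5/index.dat) already holds the URL that delivered a flagged file can be acted on without a full format parser: carving printable URL strings out of the binary and matching the last path segment against the cached file name the scanner reported is enough to name the source host. The Python below is an added example, not code from the thread or from any product named in it. It does not parse the real index.dat record layout; it only relies on the URL strings being stored as plain ASCII. SAMPLE_INDEX is a constructed byte blob (the real "Client UrlCache MMF Ver 5.2" signature followed by filler and a few fake records), www.example-news.invalid is hypothetical, and the "[1]" in cached file names is the cache's collision suffix, stripped before matching.

```python
import re
from urllib.parse import urlsplit

# Constructed stand-in for a browser cache index. Only the embedded URL and
# cached-file strings matter; the bytes around them are filler, not the real
# record layout. URLs are the ones from the thread plus a hypothetical
# referring page and the defanged redirect target.
SAMPLE_INDEX = (
    b"Client UrlCache MMF Ver 5.2\x00" + b"\x00" * 16
    + b"URL \x03\x00\x00\x00" + b"\x00" * 8
    + b"http://www.example-news.invalid/health/meds.html\x00meds[1].htm\x00"
    + b"URL \x02\x00\x00\x00" + b"\x00" * 8
    + b"http://gbdgi.ru.invalid/\x00"
    + b"URL \x02\x00\x00\x00" + b"\x00" * 8
    + b"http://iframedollars.biz/dl/adv433/x.chm\x00x[1].chm\x00"
    + b"URL \x02\x00\x00\x00" + b"\x00" * 8
    + b"http://213.159.117.203/dl/loadadv479.exe\x00loadadv479[1].exe\x00"
    + b"\x00" * 32
)

# Printable-ASCII run starting with http:// or https://; a NUL or any other
# non-printable byte terminates it, which is how the strings sit in the index.
URL_RE = re.compile(rb"https?://[\x21-\x7e]+")


def carve_urls(blob):
    """Every printable http(s) URL in the blob, in file order, deduplicated.
    No record parsing, so the same routine works on a memory dump too."""
    found = []
    for m in URL_RE.finditer(blob):
        url = m.group(0).decode("ascii")
        if url not in found:
            found.append(url)
    return found


def cache_basename(name):
    """'x[1].chm' -> 'x.chm': drop the [n] suffix the cache adds to file names."""
    return re.sub(r"\[\d+\](?=\.[^.]*$|$)", "", name)


def sources_for(blob, flagged_file):
    """URLs whose last path segment matches the cached file the scanner flagged."""
    wanted = cache_basename(flagged_file).lower()
    hits = []
    for url in carve_urls(blob):
        last = urlsplit(url).path.rsplit("/", 1)[-1].lower()
        if last == wanted:
            hits.append(url)
    return hits


def by_host(blob):
    """Carved URLs grouped by host: the unit you report to an abuse desk."""
    groups = {}
    for url in carve_urls(blob):
        groups.setdefault(urlsplit(url).hostname, []).append(url)
    return groups


if __name__ == "__main__":
    print("carved URLs:")
    for url in carve_urls(SAMPLE_INDEX):
        print("  " + url)
    print("delivered x[1].chm:", sources_for(SAMPLE_INDEX, "x[1].chm"))
    print("hosts to contact:", sorted(by_host(SAMPLE_INDEX)))
```

To use it on a real machine, read index.dat (or any cache index) in binary mode and pass the bytes to sources_for together with the file name from the AV alert; the carve is order-preserving, so the URLs just before the hit are usually the page that redirected to it.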
 
