javascript that is autoloaded and executed by Firefox

jd1008 jd1008 at gmail.com
Wed May 6 22:26:41 UTC 2015


Safe Browsing

/Diagnostic page for/ googleusercontent.com

*What is the current listing status for googleusercontent.com?*

    This site is not currently listed as suspicious.

*What happened when Google visited this site?*

    Of the 1866724 pages we tested on the site over the past 90 days,
    5271 page(s) resulted in malicious software being downloaded and
    installed without user consent. The last time Google visited this
    site was on 2015-05-06, and the last time suspicious content was
    found on this site was on 2015-05-06.
    Malicious software includes 35571 trojan(s), 30826 exploit(s), 1773
    scripting exploit(s).
    Malicious software is hosted on 8 domain(s), including douglas.de/
    <http://www.google.com/safebrowsing/diagnostic?site=douglas.de/>,
    google.com/
    <http://www.google.com/safebrowsing/diagnostic?site=google.com/>,
    douglas.ch/
    <http://www.google.com/safebrowsing/diagnostic?site=douglas.ch/>.
    This site was hosted on 1 network(s) including AS15169 (GOOGLE)
    <http://www.google.com/safebrowsing/diagnostic?site=AS:15169>.

*Has this site acted as an intermediary resulting in further distribution of malware?*

    Over the past 90 days, googleusercontent.com appeared to function as
    an intermediary for the infection of 4 site(s) including
    startbusinesscoaching.com.au/
    <http://www.google.com/safebrowsing/diagnostic?site=startbusinesscoaching.com.au/>,
    crpcoutreach.blogspot.com/
    <http://www.google.com/safebrowsing/diagnostic?site=crpcoutreach.blogspot.com/>,
    businesscoachinstitute.com.au/
    <http://www.google.com/safebrowsing/diagnostic?site=businesscoachinstitute.com.au/>.

*Has this site hosted malware?*

    Yes, this site has hosted malicious software over the past 90 days.
    It infected 3999 domain(s), including googleapis.com/
    <http://www.google.com/safebrowsing/diagnostic?site=googleapis.com/>, v4download.com/
    <http://www.google.com/safebrowsing/diagnostic?site=v4download.com/>, vfastdownload.com/
    <http://www.google.com/safebrowsing/diagnostic?site=vfastdownload.com/>.

    ======================================================

    *So, it is not currently suspicious???
    It installs malware, and it is not currently considered as suspicious???
    WTF???

    What's worse, is that
    https://www.mywot.com/en/scorecard/googleusercontent.com
    considers its trustworthiness as excellent.*


