Site Reviews by Gary Chevsky in the Norton Safe Web community Sun Feb 12 05:17:17 +0000 2012 http://safeweb.norton.com/profile/Gary%20Chevsky I just got a bank of america pathetic looking scam pointing me to http://bankofamerica.com.uplookinfo.net/SecureAccountUpdates/ Very cheesy. Sat, 18 Jul 2009 12:49:54 +0000 http://safeweb.norton.com/report/show?url=uplookinfo.net When I went to another site that apparently contained "elements" from toksikoza.net,Google Chrome threw up a block page, saying that toksikoza.net can harm my computer. Sun, 01 Feb 2009 08:14:01 +0000 http://safeweb.norton.com/report/show?url=toksikoza.net The fake Yahoo page is clearly seen at http://users.xplornet.com/~sylfiset/yahoo.html Fri, 07 Nov 2008 05:55:04 +0000 http://safeweb.norton.com/report/show?url=xplornet.com I mistyped youtube.com and ended up on this typosquatting site -- nothing but useless sponsored links. Typical web parasite. Fri, 07 Nov 2008 05:52:18 +0000 http://safeweb.norton.com/report/show?url=yotube.com Normal personal site maintained by Rowan Trollope from Symantec, but does it have all the safety precautions - who knows? I've never had a problem on it. Tue, 23 Sep 2008 16:28:23 +0000 http://safeweb.norton.com/report/show?url=rowantrollope.com trying to capture traffic destined for www.askkids.com (Ask.com's kids site) Tue, 23 Sep 2008 11:02:12 +0000 http://safeweb.norton.com/report/show?url=askids.com I was trying to go to www.mynortonaccount.com, Norton's website for managing user accounts, and accidentally added an "s" at the end of mynortonaccount, and boom! - I ended up on a page full of ad links (ka "sponsored listings") and got a popup (that IE7 blocked). This site is a useless parasite. Thu, 11 Sep 2008 17:32:11 +0000 http://safeweb.norton.com/report/show?url=mynortonaccounts.com Not sure if it's really completely safe, but it is very popular (#1 social networking site in Russia and amongst Russians around the world) Wed, 27 Aug 2008 08:01:48 +0000 http://safeweb.norton.com/report/show?url=odnoklassniki.ru Reputable and well-known site, but its download section may contain malicious downloads. Wed, 27 Aug 2008 07:56:15 +0000 http://safeweb.norton.com/report/show?url=pcworld.com This site (IP address) is used for Google cache -- i.e. that is where they store copies of pages they crawled. Some of those pages contain malicious content that existed on the original pages. Tue, 26 Aug 2008 09:09:48 +0000 http://safeweb.norton.com/report/show?url=209.85.141.104 I got to this site through a blog article about online file storage. This site is supposed to provide storage for online backup. It managed to get past my popup blocker and give me a popup ad. I was also alerted by presence of broken graphics on their home page, and javascript warning in my Internet Explorer 6. I then closed all my browsers, re-started both Firefox 2 and IE6, and open the site in both of them. FF seemed to be ok, but IE6 immediately got a Javascript error (access denied to some file), though this time I didn't get popups or broken images. Sun, 03 Aug 2008 08:08:49 +0000 http://safeweb.norton.com/report/show?url=boxstr.com Hosted by blogger.com (a Google site) Tue, 29 Jul 2008 09:19:09 +0000 http://safeweb.norton.com/report/show?url=chevsky.com This is a test site for illustration purpose, to show how easy it is for a malicious site owner to add a browser exploit that will crash your browser with just a few Javascript commands. This site doesn't deliver any actual malware, but with a little more hacking, it could. Mon, 28 Jul 2008 15:38:10 +0000 http://safeweb.norton.com/report/show?url=lyricsbonanza.com A unsolicited "downloader" program automatically gets dropped on your computer when you visit the home page. Mon, 28 Jul 2008 15:13:32 +0000 http://safeweb.norton.com/report/show?url=anna-kournikova.org This is just a domain full of sponsored links (ads) and popup ads. The domain is for sale. Useless site. Tue, 22 Jul 2008 17:27:15 +0000 http://safeweb.norton.com/report/show?url=safeweb.org DriveCleaner is actually so well known in the annals of dodgy software that Symantec has a threat named after it "DriveCleaner" detailed here: http://www.symantec.com/avcenter/cgi-bin/virauto.cgi?vid=4294907031. The program makes misleading claims about the threats on your computer, thus urging you to purchase full protection from them. Don't think it actually harms you or the computer, but sure is annoying. Tue, 22 Jul 2008 15:46:34 +0000 http://safeweb.norton.com/report/show?url=drivecleaner.com Dogpile.com is one of the best known metasearch web sites - meaning: it searches multiple search engines at once. Its toolbar has historically been marked by Symantec as "trackware" because it tracks (and presumably reports back to Dogpile) where the user goes on the internet. That compromises your privacy, but I don't think it's harms you or your computer. Plus, the user doesn't have to install their toolbar. Sat, 19 Jul 2008 21:25:37 +0000 http://safeweb.norton.com/report/show?url=dogpile.com I mistyped www.stumbleupon.com, and ended up on this site -- nothing but sponsored listings there (i.e. ads). Wed, 16 Jul 2008 22:29:25 +0000 http://safeweb.norton.com/report/show?url=sumbleupon.com blogs.babycenter.com/momformation section apparently hosts user generated browser exploits. The dangerous section is accessible from the main domain www.babycenter.com. The question is -- does the main domain deserve to be convicted or just the subdomain? I think I will advise caution. Sat, 12 Jul 2008 13:07:12 +0000 http://safeweb.norton.com/report/show?url=babycenter.com This is Apple's online backup and file synchronization service - "MobileMe". The site is not malicious, but web.mac.com subdomain hosts user uploaded content - accessible through links on the mac.com site. The user uploaded content can contain malware, so stay away from other people's content. Sat, 12 Jul 2008 11:58:13 +0000 http://safeweb.norton.com/report/show?url=mac.com This site preys on users who mistype the name of the well known brand "Symantec.com" The site displays a bunch of sponsored links. Useless site that takes advantage of users and Symantec. Tue, 01 Jul 2008 06:30:22 +0000 http://safeweb.norton.com/report/show?url=symante.com Looking at the registrant information for this site, it's a "Domain Privacy Service", hosted out of Germany, along with over 6500 other domains hosted on the same IP address. Surely, the real symantec store would not be co-hosted with so many other sites. In addition, the names of the domain name servers are NS1.SEDOPARKING.COM, etc -- a name like "Sedo parking" suggests that this indeed a domain parker site. More info can be looked up here: http://whois.domaintools.com/shopsymantec.com Mon, 16 Jun 2008 21:18:49 +0000 http://safeweb.norton.com/report/show?url=shopsymantec.com What's the point of rating google.com -- it's a famous "no do evil" company and site. Mon, 14 Apr 2008 08:46:06 +0000 http://safeweb.norton.com/report/show?url=google.com TechCrunch published this on April 8: http://www.techcrunch.com/2008/04/08/network-solutions-hijacking-unassigned-sub-domains/ So everyone knows that domain registrars "park" domains, i.e. when you register a domain, but before you actually host your site there, they "steal" the traffic to that domain. Now, Network Solutions goes to the next level. A pretty astounding questionable business practice by Network Solutions - the well known domain registrar. If you register a domain with them, even if you host a site there, if a user goes to a subdomain like, say, somesubdomain.yourdomain.com, that doesn't actually exist, rather than saying that this doesn't resolve to anything, Network Solutions will grab the subdomain and automatically generate an ad-filled (MFA) page, so they make money off that page. Evil genius! Sat, 12 Apr 2008 12:23:50 +0000 http://safeweb.norton.com/report/show?url=networksolutions.com download.com is one of the most well known trusted download services on the internet. That said, it doesn't guarantee that software distributed through there is completely malware free or is otherwise totally kosher. The site does provide ratings by the users which can give you more confidence when deciding to download a file. I would trust it, but still think carefully what you download from there. Fri, 04 Apr 2008 18:58:49 +0000 http://safeweb.norton.com/report/show?url=download.com I did a local search, and was sent to the official site of the Spice Island restaurant in Mountain View: http://www.spiceislandscafe.com/ It has obviously been taken over by a domain parked parasite. Hate those. Not sure if this is officially just a domain park or a domain park + auto-generated ad content -- either way, this stuff is bad and is all over the internet. Mon, 29 Oct 2007 18:28:25 +0000 http://safeweb.norton.com/report/show?url=spiceislandscafe.com Sat, 01 Sep 2007 00:00:00 +0000 http://safeweb.norton.com/report/show?url=payasatpal.com I got a parking ticket for parking at a BART station for too long - $25. On the ticket that was left on my car's windshield, it had an address of a website where I could pay for it online -- www.ticketwizard5000.com. Hm... I thought - what kind of official goverment site is that? - just looking at the name. Maybe some offline phisher created an official looking bart violation ticket with the url of their phish site? That'd be a clever scam - I thought. Then I went to the site, and it looks like complete amaterish design, very unprofessional looking. Hm... I thought again. Then I saw the https in the url, and lock icon in the status bar. I double-clicked on the lock icon and it said certificate is good, and gave the name of a certificate authority XRamp Security Services GS CA. The certificate path mentioned some names that I did not recognize either. Also, the web page itself said that it was secured by the Equifax Certificate - I saw no mention of Equifax on the certificate itself though. Hm... I kept thinking. The site prompted me to enter the violation # and time, and when I did, it showed me details about my violation, as well as my car registration info (this was a pretty assuring sign, finally, but I wasn't fully convinced or comfortable yet). Then I went to a search engine and searched for "ticketwizard5000", and then I saw various other sites mentioning the ticketwizard5000 site, all actually talking about that being a place where one could pay for BART violations. Most importantly, I saw that www.bart.gov <http: /> itself mentioned the ticketwizard5000 site as the place to pay online. With that knowledge, I had enough confidence to go back to ticketwizard5000 and enter my name, address, phone, and credit card info that they requested. Of course, if I had Identity Defender, I would have opted to give them a one-time credit card, authorized only for the amount up to $30. So there you go - I gave them my info - and I *hope* that everything was legit. But it sure was a somewhat disconcerting experience that wasted me 15 min. Tue, 01 May 2007 13:50:12 +0000 http://safeweb.norton.com/report/show?url=ticketwizard5000.com