(The quickest way to register)

Forum

Dear visitor! The webpage is only available in English. We're sorry for the inconvenience.
  1. User picture
    • tinfoil on Sun 27 Sep 2009
    • 11:17:21 AM UTC

    Ziddu.com

    Ziddu.com is a fairly popular file-sharing/hosting site; however, I have discovered several things which merit a very poor rating.

    My first reason; viruses. I had heard about problems with viruses on Ziddu.com, so I scanned it with AVG; nothing was detected. Upon actually accessing the site, with NoScript turned off, I was automatically given 6 blank, unnamed, seemingly corrupted .pdf files. These were harmless, but very hard to remove. After this, a larger file began downloading; I disconnected then to prevent it completing. These files were automatically downloaded when I accessed the homepage ziddu.com; they were not part of any user download.

    Secondly; pay-per-click/pay-per-download systems. Although no formal law has been passed, these are illegal in my country, and are most likely frowned upon in America. Ziddu seems to be running one.

    With both these things to consider, I do not know why Ziddu.com continues to have mostly dark green ratings.

    Inactive.

Comments:

  2. User picture
    • BobJam (not verified) on Mon 28 Sep 2009
    • 07:50:46 AM UTC

    hpHosts?

    I see the score card lists it as being on hpHosts for being "engaged in the distribution of malware". The listing was dated September of 2009.

    Steven, has it been delisted in the past few days or is that listing still current? Have they requested to be delisted?

    I probably should know this, but does your listing automatically inform the webmaster that the site is on the list? I mean, could they make a claim that they "didn't know" (which is certainly not an excuse for hosting malware anyway.)
    • User picture
      • MysteryFCM on Mon 28 Sep 2009
      • 05:22:36 PM UTC

      ....

      It's not been delisted, no, and because there's no simple way to determine an owners real contact e-mail address, there's nothing in place to do such.

      Regards
      Steven Burn
      Ur I.T. Mate Group / hpHosts
      it-mate.co.uk / hosts-file.net
  3. User picture
    • tinfoil on Mon 28 Sep 2009
    • 04:05:44 PM UTC

    If it's any help, here's

    If it's any help, here's hpHosts' entry.
    http://hosts-file.net/default.asp?s=ziddu.com
  4. User picture
    • tinfoil on Mon 28 Sep 2009
    • 05:29:27 PM UTC

    Is there any way to get more

    Is there any way to get more users to vote it red?
  5. User picture
    • amishrabbit on Mon 28 Sep 2009
    • 09:49:06 PM UTC

    Very aggressive background ad-clicking script

    I've seen the kinds of behavior exhibited by ziddu.com before. Rarely do you see this kind of behavior on a legitimate website.

    The site serves a lot of ads. They are loaded in the background by scripts which spawn iframes, which load more scripts, and all of those just query ad servers as fast as technically possible.

    To test this, I opened up the site in a controlled environment: in the IE browser running in a VMWare guest. I also had a packet sniffer running both inside and outside of the VMWare session, logging the traffic.

    My first test lasted about 36 seconds. I only opened the browser window to that site, nothing more. In that time, the browser pulled down 505 HTTP calls to various ad serving sites. That's about 14 ad calls per second for the entire test. In the end, I decided to pull the virtual plug on the VMWare NIC and do a little post-analysis.

    In particular, the iframe loading script which comes from hxxp://ad.globe7.com/st?ad_type=iframe appears to be the source of a lot of problems. A second analysis, just loading this script, generates 552 HTTP GETs in a period of 40 seconds, then the script freezes. 167 of those GET calls include the string "iframe" in the url query string.

    I'm now in the process of trying to register with the site, but simply clicking through each new page on the site causes the initial ad call php script to run again. I'm at a point where the VM has had its CPU pegged at 100% for more than 7 minutes continuously because IE is so tied up with scripts. I'm about ready to give up.

    Periodically, you get an ad server on which space has been purchased by someone with malicious intent. The ad call spawns a link which goes to a site hosting some sort of exploit kit. The exploit kit attempts to use various means to foist malware onto the targeted system, including the use of deliberately modified PDF and SWF files which take advantage of known exploits in unpatched versions of Adobe Reader and Flash, respectively.

    I didn't see that happen in the 36 seconds I tested the site, but that was more than enough for me to decide that this site does not earn my trust. What appears to be happening is massive clickfraud, not from Ziddu, but from one or more of its ad serving partners. Given sufficient time, a malicious ad call is almost inevitable under such circumstances.
    • User picture
      • tinfoil on Tue 29 Sep 2009
      • 03:32:14 PM UTC

      Thank you. By turning

      Thank you. By turning Adblock off and checking ad links, I should be able to find out which advertising networks it's using.
  6. User picture
    • tinfoil on Tue 29 Sep 2009
    • 03:42:36 PM UTC

    Other than Ziddu's own

    Other than Ziddu's own advertising network and Google Ads, a site at ad.globe7.com seems to be serving ads to Ziddu. I'll look it up.

    Edit: ad.globe7.com is rated red by WOT as anj adware and malware site; its host, globe7.com, is the host of some kind of fake "PC telephone" program that contains viruses. I think that it's safe to assume that we've found the problem.
  7. User picture
    • g7w on Thu 01 Oct 2009
    • 02:03:44 AM UTC

    re: ziddu.com

    page loaded with a VIRUS:
    JS/Dldr.Agent.VI [virus]

    then immediately redirected me to:
    motionscannervir.com

    Naturally...

    84.45.63.21
    ziddu.com
    comwww.ziddu.com
    downloads.ziddu.com
    email.ziddu.com
    http3a2f2fuploads.ziddu.com
    http3a2f2fwww.ziddu.com
    uploads.ziddu.com

    213.163.64.81
    motionscannervir.com
    antivir-freescan.com
    best-topscanner.com
    mail.antivir-freescan.com
    mail.best-topscanner.com
    mail.motionscannervir.com
    mail.yesfreescan.com
    ns1.antivir-freescan.com
    ns1.best-topscanner.com
    ns1.motionscannervir.com
    ns1.rupoconexo.com
    ns1.signanda.net
    ns1.yesfreescan.com
    ns2.motionscannervir.com
    rupoconexo.com
    signanda.net
    yesfreescan.com

    Thanks for bringing this domain to the Forum.
    :-)

    -------
    WOT Services Ltd. - gives us safety through Web of Trust.
    WOT Community - gives us security through unity.
    Thank you all
    - G7W
  8. User picture
    • Havends on Fri 02 Oct 2009
    • 11:38:28 AM UTC

    It has recently been serving

    It has recently been serving so many ads and all. I think that it once used to be a 'not bad' kind of file-hosting site. The main problem that existed with it was that it didn't scan files that were uploaded to it's servers. Anyway, now that there are lots of better choices for an internet user, Ziddu.com will soon die out by itself.
    ________________________________________________

    Let's make the Internet a better place to browse.
    WeJudgeUs, because none can judge us better than ourselves. :)
    • User picture
      • tinfoil on Sat 03 Oct 2009
      • 11:05:04 AM UTC

      Thank you for the

      Thank you for the information!
      It is still green, so I'd like a few more rates, if possible.
      • User picture
        • Havends on Sat 03 Oct 2009
        • 12:42:29 PM UTC

        I have changed my Rating (I

        I have changed my Rating (I had rated it green long ago) and Commented.
        ___________________________________________

        Let's make the Internet a better place to browse.
        WeJudgeUs - because none can judge us better than ourselves. :)
  9. User picture
    • tinfoil on Sun 04 Oct 2009
    • 01:06:38 PM UTC

    Just tried to access again;

    Just tried to access again; was, again, given several strange .pdf's. These, however, were deleted simply by sending to the Recycle Bin and emptying as usual. This time, they came from worwink.com, not ziddu.com.
    http://safeweb.norton.com/report/show?name=worwink...
    http://www.siteadvisor.com/sites/worwink.com/summa...
    https://msmvps.com/blogs/spywaresucks/archive/2009...
    And of course, http://www.mywot.com/en/scorecard/worwink.com