Is xorg.pl Safe?

This domain is included in at least 10 different blacklists as of 15 June 2010 according to URLVoid: ***** http://www.urlvoid.com/scan/xorg.pl From Google's current report for this domain (quoted here because it changes often): "Part of this site was listed for suspicious activity 1827 time(s) over the past 90 days. ... Of the ***** pages we tested on the site over the past 90 days, 11 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-06-17, and the last time suspicious content was found on this site was on ***** Malicious software includes 41840 scripting exploit(s), 8430 trojan(s), 2 exploit(s). Successful infection resulted in an average of 2 new process(es) on the target machine. Malicious software is hosted on 7 domain(s), including deryam .biz/, taiping2030 .3322.org/, potomac ***** 3 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including invisionresources .pl/, taiping2030 .3322.org/, potomac ***** ... Over the past 90 days, xorg .pl appeared to function as an intermediary for the infection of 8236 site(s) including xzdj .gov.cn/, turkotek .com/, ywchina .cn/. ... Yes, this site has hosted malicious software over the past 90 days. It infected 13001 domain(s)..." See the current Google Safe Browsing report at http://www.google.com/safebrowsing/diagnostic?site=xorg.pl See also the site's rating and reviews on McAfee SiteAdvisor and Symantec's Norton Safe Web: http://www.siteadvisor.com/sites/xorg.pl http://safeweb.norton.com/report/show?name=xorg.pl See also previous reports of mine from March 2009 and March 2010 that reference this domain: ***** *****

The only way to stay away from this domain is to block the domain, not any individual host in the domain. Use some sort of pattern matching engine to do that. This domain is not quite what you think it is. You can use either the hosts that somebody has in a hosts file or randomly pick some random series of alphanumeric characters and generate some IP addresses. Currently you will get IP address ***** That is NOT where the threat lies. It uses an algorithm in a front end host and dynamic IP addresses are used. Some of them are ***** and ***** There are others but I have saw enough of the WorldStream network that the police in the Netherlands need to seize all of the computer equipment on that network and do a thorough forensic analysis. This does NOT mean that the people there are doing it. They are more likely to be the victims. But it is just so totally owned that shutting it down for a while and analyzing everything and bringing all the hosts back up fresh with up to date software needs to be done. The other IP address is in the STARNETMD in Moldova but I have saw IP addresses in Germany and other places. But for now the only thing you need to know is that the hosts in a hosts file are a waste of time. The only thing that will protect you is something like this which is in my PAC filter: BadDomains[i++] = ".xorg.pl"; or if you use Firefox with AdBlockPlus or AdMuncher on Windows is an equivalent type of rule in ABP (add yourself, the malware subscription is a joke) or some other pattern matching engine. I must hasten to add that NAV will call my PAC filter a virus. How do I know? Because I just installed NAV over the weekend and it said so. I DEMAND THAT SYMANTEC SHOW ME WHY MY PAC FILTER IS MALWARE! It has already caused one person to remove the PAC filter with them in full panic mode. If you ask me it is just like NAV for years demanding the removal of the block of ***** and ***** from a blocking hosts file. Those hosts are their spy aliases in the Omniture domain and Symantec knows it. Now they are doing it again with my PAC filter. I am compiling the addresses as I go but it is slow going. IOW, these hackers are long on knowledge or networking and short on making decent scripts (they are adequate and get the job done). I have actually conversed with the hackers via email with them playing the innocent to the hilt. You don't want a host in this domain coming at you but the only way to do that is to block the entire domain.

Rogue domain hosting provider highly used by cybercriminals (spammers, phishers and malware distributors) for the registration of fake subdomains used for pushing all sort of badware and badness. ***** is associated with: ***** ***** ***** , all abused in the same manner!