Trend Micro advises users to avoid wikileaks.info

James Delahunty
17 Dec 2010 2:37

Trend Micro's TrendLabs blog has posted some information on a website that is redirected to from Wikileaks.org.
At present, the Wikileaks.org domain domain redirects to mirror.wikileaks.info, which is hosted on IP address 92.241.190.202. This IP address is registered to Heihachi Ltd, and this is where TrendLabs has put up a flag and felt the need to write about it.

While the site doesn't contain any malware, the TrendLabs blog regards the presence of the WikiLeaks mirror in this neighborhood as disturbing.

Heihachi Ltd. is known as a bulletproof, blackhat-hosting provider in Russia that is a safe haven for criminals and fraudsters. It hosts a long list of criminally related domains. Among these domains are banking fraud domains, carders’ (criminals who trade stolen credit card information) websites, malware sites, and phishing sites. No matter what your political view is, this is rather disturbing.


Due to the provider that the Wikileaks mirror has, Trend Micro's Smart Protection Network automatically assigns a very low reputation score to the domain name wikileaks.info. This is not in protest to the content that Wikileaks is hosting, rather it is an automatic response to the provider which TrendLabs alleges also hosts sites like paypal-securitycenter.com, carders.kz, idchecking.ir (phishing), and postbank-sicherung.com.

We don't know whether wikileaks.org has perhaps been compromised or whether WikiLeaks is knowingly getting services from a blackhat provider. Either way, we assess the wikileaks.info domain as highly risky and we do not recommend visiting this site as long as it is hosted by Heihachi Ltd.


Source: TrendLabs Malware Blog

UPDATE: Wikileaks.info has responded to similar warnings made by Spamhaus with the following statement...

Spamhaus' False Allegations Against wikileaks.info

Published 15-Dec-2010, 8:00 AM GMT

On Tuesday, 14-Dec-2010 Spamhaus has issued a statement wherein it labels wikileaks.info as "unsafe", as they consider our hosting company as a malware facilitator:

http://www.spamhaus.org/news.lasso?article=665

We find it very disturbing that Spamhaus labels a site as dangerous without even checking if there is any malware on it. We monitor the wikileaks.info site and we can guarantee that there is no malware on it. We do not know who else is hosted with Heihachi Ltd and it is none of our business. They provide reliable hosting to us. That's it.

While we are in favour of "Blacklists", be it for mail servers or web sites, they have to be compiled with care. Just listing whole IP blocks as "bad" may be quick and easy for the blacklist editors, but will harm hosters and web site users.

Wikileaks has been pulled from big hosters like Amazon. That's why we are using a "bulletproof" hoster that does not just kick a site when it gets a letter from government or a big company. Our hoster is giving home to many political sites like castor-schottern.org and should not be blocked just because they might have hosted some malware sites.

Fortunately, more responsible blacklists, like stopbadware.org (which protects the Firefox browser, for example), don't list us. We do hope that Spamhaus hasn't issued this statement due to political pressure.

Wikileaks.info will always be safe and clean. Promised:

Google Safe Browsing Check for wikileaks.info

Update (15-Dec-2010 17:00 PM GMT): Spamhaus has updated their statement to say that they don't blacklist us.

The wikileaks.info Team


Source: http://wikileaks.info/press/spamhaus-false-allegations-against-wikileaks.html

More from us
Tags
wikileaks Trend Micro
We use cookies to improve our service.