AfterDawn: Tech news

Trend Micro advises users to avoid wikileaks.info

Written by James Delahunty @ 17 Dec 2010 2:37

Trend Micro's TrendLabs blog has posted some information on a website that Wikileaks.org now redirects to.
At present, the Wikileaks.org domain redirects to mirror.wikileaks.info, which is hosted on IP address 92.241.190.202. This IP address is registered to Heihachi Ltd, which is what prompted TrendLabs to raise a flag and write about it.

While the site doesn't contain any malware, the TrendLabs blog regards the presence of the WikiLeaks mirror in this neighborhood as disturbing.

Heihachi Ltd. is known as a bulletproof, blackhat-hosting provider in Russia that is a safe haven for criminals and fraudsters. It hosts a long list of criminally related domains. Among these domains are banking fraud domains, carders (criminals who trade stolen credit card information) websites, malware sites, and phishing sites. No matter what your political view is, this is rather disturbing.


Because of the Wikileaks mirror's hosting provider, Trend Micro's Smart Protection Network automatically assigns a very low reputation score to the domain name wikileaks.info. This is not a protest against the content that Wikileaks is hosting; rather, it is an automatic response to the provider, which TrendLabs alleges also hosts sites like paypal-securitycenter.com, carders.kz, idchecking.ir (phishing), and postbank-sicherung.com.

We don't know whether wikileaks.org has perhaps been compromised or whether WikiLeaks is knowingly getting services from a blackhat provider. Either way, we assess the wikileaks.info domain as highly risky and we do not recommend visiting this site as long as it is hosted by Heihachi Ltd.


Source: TrendLabs Malware Blog

UPDATE: Wikileaks.info has responded to similar warnings made by Spamhaus with the following statement...

Spamhaus' False Allegations Against wikileaks.info

Published 15-Dec-2010, 8:00 AM GMT

On Tuesday, 14-Dec-2010 Spamhaus has issued a statement wherein it labels wikileaks.info as "unsafe", as they consider our hosting company as a malware facilitator:

http://www.spamhaus.org/news.lasso?article=665

We find it very disturbing that Spamhaus labels a site as dangerous without even checking if there is any malware on it. We monitor the wikileaks.info site and we can guarantee that there is no malware on it. We do not know who else is hosted with Heihachi Ltd and it is none of our business. They provide reliable hosting to us. That's it.

While we are in favour of "Blacklists", be it for mail servers or web sites, they have to be compiled with care. Just listing whole IP blocks as "bad" may be quick and easy for the blacklist editors, but will harm hosters and web site users.

Wikileaks has been pulled from big hosters like Amazon. That's why we are using a "bulletproof" hoster that does not just kick a site when it gets a letter from government or a big company. Our hoster is giving home to many political sites like castor-schottern.org and should not be blocked just because they might have hosted some malware sites.

Fortunately, more responsible blacklists, like stopbadware.org (which protects the Firefox browser, for example), don't list us. We do hope that Spamhaus hasn't issued this statement due to political pressure.

Wikileaks.info will always be safe and clean. Promised:

Google Safe Browsing Check for wikileaks.info

Update (15-Dec-2010 17:00 PM GMT): Spamhaus has updated their statement to say that they don't blacklist us.

The wikileaks.info Team


Source: http://wikileaks.info/press/spamhaus-false-allegations-against-wikileaks.html
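
A minimal model of the provider-based scoring described in the article, and of the collateral listing that the wikileaks.info statement objects to. It is an added illustration, not Trend Micro's or Spamhaus' actual algorithm; the scoring formula, the 0.5 threshold, the ExampleHost rows and the exclusion list are assumptions.

```python
from collections import defaultdict

# Constructed inventory: (domain, provider, individually_flagged).
# The Heihachi Ltd rows use only domains named in the article; their flags mirror
# TrendLabs' allegation as reported there. The ExampleHost rows are made up.
INVENTORY = [
    ("paypal-securitycenter.com", "Heihachi Ltd", True),
    ("carders.kz",                "Heihachi Ltd", True),
    ("idchecking.ir",             "Heihachi Ltd", True),
    ("postbank-sicherung.com",    "Heihachi Ltd", True),
    ("castor-schottern.org",      "Heihachi Ltd", False),
    ("wikileaks.info",            "Heihachi Ltd", False),
    ("shop.example",              "ExampleHost",  False),
    ("blog.example",              "ExampleHost",  False),
    ("phish.example",             "ExampleHost",  True),
]
BLOCK_BELOW = 0.5  # hypothetical cut-off: scores under this are blocked


def provider_scores(inventory):
    """Score each provider as the share of its known domains that are not flagged."""
    total, flagged = defaultdict(int), defaultdict(int)
    for _, provider, bad in inventory:
        total[provider] += 1
        flagged[provider] += int(bad)
    return {p: 1 - flagged[p] / total[p] for p in total}


def domain_score(domain, inventory, exclusions=frozenset()):
    """0.0 if the domain itself is flagged, 1.0 if it is on the exclusion
    list, otherwise the score inherited from its hosting provider."""
    rows = {d: (p, bad) for d, p, bad in inventory}
    provider, bad = rows[domain]  # KeyError for a domain we know nothing about
    if bad:
        return 0.0
    if domain in exclusions:
        return 1.0
    return provider_scores(inventory)[provider]


def collateral(inventory, exclusions=frozenset()):
    """Unflagged domains that are blocked purely because of their provider."""
    return sorted(
        d for d, _, bad in inventory
        if not bad and domain_score(d, inventory, exclusions) < BLOCK_BELOW
    )
```

With no exclusions, both unflagged Heihachi-hosted domains are blocked; excluding wikileaks.info lifts it while the provider-level score still applies to everything else in the neighbourhood.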


11 user comments

1. 17.12.2010 2:54

Smells like bullshit.

2. 17.12.2010 3:01

Originally posted by hikaricor:
Smells like bullshit.
I wouldn't think so. TrendLabs blog is usually a very good source to keep an eye on, one of many I do. It has nothing to do with Wikileaks itself, just the provider. If AfterDawn were on the provider the same thing would happen to it.

3. 17.12.2010 3:57

Google's 'Heihachi ltd'...





4. 17.12.2010 4:19

This makes perfect sense and is in no way suspicious. The US government has pressured hosting providers and domain name controllers to withdraw their services from Wikileaks, given also the ongoing DDOS onslaught that Wikileaks is weathering it makes perfect sense for them to find a provider that can resist both political and technical attacks on them.

5. 17.12.2010 5:51

Something tells me Trend is getting DDOS'd.



6. 17.12.2010 6:04

For fairness and balance, the article should also present the statements of the other side:

Wikileaks.info Press Release

Quote:
Spamhaus' False Allegations Against wikileaks.info

Published 15-Dec-2010, 8:00 AM GMT

On Tuesday, 14-Dec-2010 Spamhaus has issued a statement wherein it labels wikileaks.info as "unsafe", as they consider our hosting company as a malware facilitator:

http://www.spamhaus.org/news.lasso?article=665

We find it very disturbing that Spamhaus labels a site as dangerous without even checking if there is any malware on it. We monitor the wikileaks.info site and we can guarantee that there is no malware on it. We do not know who else is hosted with Heihachi Ltd and it is none of our business. They provide reliable hosting to us. That's it.

While we are in favour of "Blacklists", be it for mail servers or web sites, they have to be compiled with care. Just listing whole IP blocks as "bad" may be quick and easy for the blacklist editors, but will harm hosters and web site users.

Wikileaks has been pulled from big hosters like Amazon. That's why we are using a "bulletproof" hoster that does not just kick a site when it gets a letter from government or a big company. Our hoster is giving home to many political sites like castor-schottern.org and should not be blocked just because they might have hosted some malware sites.

Fortunately, more responsible blacklists, like stopbadware.org (which protects the Firefox browser, for example), don't list us. We do hope that Spamhaus hasn't issued this statement due to political pressure.

Wikileaks.info will always be safe and clean. Promised:

Google Safe Browsing Check for wikileaks.info

Update (15-Dec-2010 17:00 PM GMT): Spamhaus has updated their statement to say that they don't blacklist us.

The wikileaks.info Team
Thanks for taking note.

wikileaks.info team

7. 17.12.2010 11:31

Definition: Corporatism - Political system in which power is exercised through large organizations (businesses, trade unions, etc) working in concert with each other, under the direction of the state


Definition: Fascism - A radical and authoritarian nationalist political ideology. Fascists seek to organize a nation on corporatist perspectives; values; and systems such as the political system and the economy.

8. 17.12.2010 13:10

Why can't I find this host on Wikipedia? They seem pretty well known to not have a Wikipedia page...

9. 17.12.2010 16:33

Originally posted by wikileaksinfo:
For fairness and balance, the article should also present the statements of the other side:

Wikileaks.info Press Release

Thanks for taking note.

wikileaks.info team
Thanks. Added it to the end of the article.

Originally posted by KillerBug:
Something tells me Trend is getting DDOS'd.
Trend is not an enemy of Wikileaks in any way so I'd doubt it and even if it was, security firms like Trend Micro are under constant attack from malware peddlers etc. anyway. The reason Trend blocks the entire ISP is because it's a huge source for "real" criminal organizations online, unfortunately for Wikileaks it doesn't seem to have any other choice for hosting anymore. I guess there could be some kind of exclusion list for certain sites hosted by a particular ISP though.

10. 17.12.2010 17:06

Wikileaks has been in the news a lot, I guess the government is trying to crack down on it from all them documents released. I say Go for Gold Wikileaks, sharing is caring :P

11. 17.12.2010 22:47

Originally posted by Dela:
The reason Trend blocks the entire ISP is because it's a huge source for "real" criminal organizations online, unfortunately for Wikileaks it doesn't seem to have any other choice for hosting anymore. I guess there could be some kind of exclusion list for certain sites hosted by a particular ISP though.
The only problem with that is that Wikileaks has their own IP and their own dedicated fiber lines. They are completely disconnected from the rest of that vault as far as anyone outside the vault can tell. If Trend is claiming that they are blocking Wikileaks because another site on another IP address contains malware, then they might as well block every site, including their own.

