Russian Cyber-Criminals Currently Hosting Real Wikileaks Website: Spamhaus
Spamhaus the outfit that tracks spam is cautioning that wikileaks.org the actual web-address of WikiLeaks is currently diverting traffic onto an online site namely Webalta that Russian cyber-criminals are apparently operating.
Says Spamhaus, the IP address 188.8.131.52/19 of Webalta now appears on the SBL (Spamhaus Block List) starting October 2008 because it was observed to be involved in sinister activities.
The outfit also describes the Russia-based Webalta alternatively called Wahome as "blackhat" a familiar host for cyber-crime because it has seen Webalta's IP space solely involved in virus/malware hosting, spamming, phishing as well as other dubious operations.
Further according to Spamhaus, it's worried that any file from WikiLeaks that's loaded onto a website, which Webalta hosts, may have malware.
The key wikileaks.org site currently diverts users onto mirror.wikileaks.info from where they're taken straight onto the IP domain that Webalta controls. Consequently, malware infection may proliferate profusely, Spamhaus fears.
Spamhaus further observes that anything on mirror.wikileaks.info isn't the same as the content of the actual WikiLeaks mirrors meaning WikiLeaks itself mayn't be controlling the wikileaks.info website, instead some other entity may be doing it.
Says Spamhaus, the actual website can be found at wikileaks.nl, wikileaks.is, wikileaks.ch as well as other mirror websites. Spamhaus.org published this on December 14, 2010.
Here it merits mention that WikiLeaks.info strongly protested the alert which Spamhaus raised.
Stated a wikileaks.info website that it was extremely upsetting that Spamhaus included a website to its 'dangerous sites' list before even verifying whether malicious software really existed on it. According to it, the wikileaks.info online site was regularly monitored and it could be guaranteed that the site was free of any malware. Cnet.com published this on December 14, 2010.
Additionally a representative of WikiLeaks.info stated that there was an extremely loose affiliation of WikiLeaks.info with the original WikiLeaks initiative. Indeed it was very surprising to find the latest development on December 11, 2010 since there were unexpectedly 1m visits daily to the wikileaks.info site, he said. There was no notification to WikiLeaks.info about the switch i.e. WikiLeaks starting to divert users accessing the authorized wikileaks.org website onto wikileaks.info, the representative explained.
Related article: Russian Hackers Break into NOAA to Push Pills
» SPAMfighter News - 28-12-2010