Google blacklisted all the .cz.cc domains

June 15, 2011David Dede

It seems that Google just blacklisted all the sites under the .cz.cc main domain (including the nic.cz.cc, start.cz.cc and all others). In their status page Google says:

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, cz.cc appeared to function as an intermediary for the infection of 13788 site(s) including uniform-net.jp/, nuxi-navi.com/, flashracingonline.com/.

Has this site hosted malware?

Yes, this site has hosted malicious software over the past 90 days. It infected 47193 domain(s), including razym.ru/, discuss.com.hk/, lnk.by/.

So according to Google, they infected more than 47 thousand domains. It is interesting because in the last few months the .cc TLD has been the most used by attackers, but it seems that Google decided to just blacklist everything (probably by mistake).

You can see this warning, by checking the status page on google for any site ending in .cz.cc: http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http://anysite.cz.cc/ :

What is the current listing status for cz.cc?

Site is listed as suspicious – visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 2907 time(s) over the past 90 days.

We will post more details if we learn back from Google.

About David Dede

David is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

eclipsenet

Trust me, this is warranted
citricsquid

.cz.cc is just a domain some guy bought and gives out free subdomains, much like co.nr *not* like .tk which is an actual TLD.
rvtraveller

uni.cc is also affected by this. http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http://uni.cc/
Nomorepeople

sadly I use this server for demo sites and ideas and its really sad hackers and attackers have really messed it up for the nice guy, the service is not ran by hackers or attackers but they use the domain so much it give the domain a bad name 🙁
Nomorepeople

Or would also like to add that ce.ms domains owned by cz.cc also have been flaged
Worpdress

Dammed, another google bullshit. Some days back Blogger was out, and now this.
Mario

I’m sorry, but my free link site just ranked at 2 by Google. That doesn’t sound like blacklisting to me.
LeighJ

Blast those hackers. Although mines is quite safe. http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http://lynnfolio.cz.cc
Yurez

Nonsence, Absurd, Idiotism!!!
- Winfield11b
  
  Why? Know something we don’t?
- person287
  
  Why. Free domains are a brilliant place for spammers and hackers, exactly why google banned cz.cc and co.cc among others.
J

This site, wykcsem.cz.cc was the source of a trojan attack today – a rare occurrence for me. So wel deserved!
Winfield11b

http://zqfdngprbr.cz.cc/content/1fdp.php?f=30
Threat Severity == High
Threat: JS:Pdfka-gen@bhv:disqus [Expl]

Blocked by Avast! Web Shield @ 0830 Tuesday 20SEP11
me

what is i spend thousand of dollars developing my site. Can i sue google for my money back?
- person287
  
  Surely if you’ve spent thousands of dollars then you’d have bought a £6 domain. I’m not trying to criticise you, it’s just that I haven’t spent any money on my site at all except the domain, and I’m turning a profit.
Hyo

http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http://www.nic.cz.cc
Kamatchikumar

My site has designgeek.cz.cc it has spend lot of money in this site it all of waste
Kemo Basta

Is there any way to solve this?