Tag Archive: google


Searching For Exploit Kits

A unique trick for searching for exploit kits on Google is to use the following query: “* exploit kit.zip”.

This searches for all websites whose content matches (any characters) exploit kit.zip; the match is not case sensitive. This search provides the best results. For a more specific, yet less broad, result, replace the star (*) with the name of the exploit kit you wish to download. For example: “Crimeware exploit kit.zip”.

Keep hunting,
~!Donovan

WRI Official Site

The World Resources Institute, or WRI for short, has a sub-domain, namely cait, that is blacklisted by Google with the “This site may be compromised” tag. Details about this tag can be found in various sources.

Google Search of WRI CAIT

Google Return For WRI CAIT

WRI CAIT Official Site

So, why exactly is Google warning us? Let's look at the urlQuery results. The first thing we notice is a redirect to the main domain. Let's look at what the headers return:

CAIT WRI Get Response

First, we know that this is a 302 redirect to the target page of CAIT from the official site. Second, they use an outdated version of Apache. The latest stable release was version 2.4.2, released 2012-04-17. But what is the offending content that this site returns? The suspicious element I found is below:

WRI CAIT init4q function

Which returns:

CAIT WRI init4q function Return

Notice the site name. urlVoid shows two detections for it. If you check the history, you will notice that these are the same results as two months ago. There isn’t really anything on the site, however; it is not even close to a real site. It could be associated with phishing.

Outdated sites are more likely to get hacked,
~!Donovan
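
The header check described in the WRI CAIT post (a 302 redirect plus an Apache banner older than 2.4.2) can be scripted. The following is an added example, not code from the original post; the sample response, its hostname and its Apache version are constructed placeholders, since the original capture is not reproduced on this page.

```python
import re

# Baseline from the post: Apache 2.4.2 was the latest stable release at the time.
BASELINE = (2, 4, 2)

# Constructed sample response head (NOT the real CAIT response; the hostname
# and the Apache version are placeholders).
SAMPLE = (
    "HTTP/1.1 302 Found\r\n"
    "Server: Apache/2.2.3 (Unix)\r\n"
    "Location: http://www.example.org/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

def parse_head(raw):
    """Split a raw response head into (status_code, {lowercased-header: value})."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    m = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})", lines[0])
    if not m:
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(m.group(1)), headers

def apache_version(server):
    """Return the Apache version as a tuple, or None if the banner hides it."""
    m = re.search(r"Apache/(\d+)\.(\d+)(?:\.(\d+))?", server or "")
    return tuple(int(p or 0) for p in m.groups()) if m else None

def triage(raw, baseline=BASELINE):
    """List the two observations made in the post: redirect and outdated banner."""
    status, headers = parse_head(raw)
    findings = []
    if status in (301, 302, 303, 307, 308):
        findings.append("redirect %d -> %s" % (status, headers.get("location", "<no Location>")))
    version = apache_version(headers.get("server"))
    if version is None:
        findings.append("server version not disclosed")
    elif version < baseline:
        findings.append("Apache %s older than baseline %s" % (
            ".".join(map(str, version)), ".".join(map(str, baseline))))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A banner older than the baseline is a lead rather than proof, because distributions backport fixes without changing the reported version.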