VernonStow / Filterlist

Blocklist for websites likely to be harmful or annoying, meant to supplement mainstream blocklists.

Grayware domain report - `logicalrecord.com` #4

Closed iam-py-test closed 3 years ago

iam-py-test commented 3 years ago

What domain are you submitting?

logicalrecord.com

Why are you submitting this domain?

This domain is a known browser hijacker. I found it on this Reddit thread: https://www.reddit.com/r/techsupport/comments/l0y6ee/searchlogicalrecordcom_has_infected_my_computer/.

VirusTotal scan: https://www.virustotal.com/gui/url/c50ff92631c4ce63e1ca0332f741442cfcd5dd9b32cc0aa211fdbc982dc045a0/detection

https://www.fortiguard.com/webfilter?q=logicalrecord.com

I found this report about it as well, although I think the Reddit OP was on Windows: https://www.pcrisk.com/removal-guides/16326-logicalsearch-adware-mac

Proposed filter: `logicalrecord.com$all`, as this will alert people to the fact that they are infected, and block infection even if strict blocking is disabled.

How does this comply with criteria?

This domain complies with the criteria because it is:

  1. Blocklisted by Fortinet
  2. This malware adds ads into your browser (which probably evade uBlock Origin)
  3. This malware also collects user data without their knowledge
  4. The article continues to say that this adware

    redirects users to sale-based, untrustworthy, compromised, deceptive/scam and malicious sites

  5. The ads have drive-by-downloads (yes - this can get worse)

    Some [of the injected ads] can even execute scripts designed to download/install unwanted or malicious content, without users' permission.

VernonStow commented 3 years ago

The domain is currently offline, but Fortiguard lists it as malicious as of 2021-Apr-17: https://www.fortiguard.com/webfilter?q=search.logicalrecord.com