rebuts malware warnings

Spamhaus and Trend Micro regard a Web site that lists mirrors of WikiLeaks sites as dangerous to visit, but contends that its site has no malware., a site assisting WikiLeaks' effort to share U.S. war information and diplomatic cables, is rebutting online security organizations' warnings that its Web site could be dangerous to visit. provides a list of sites that mirror the original WikiLeaks content, and in recent days the main Web site has redirected visitors to the mirror page. has grown in importance because of others' moves two weeks ago that made it difficult to reach and led its operators to resurface at, a Swiss domain.

Spamhaus, a nonprofit volunteer organization that seeks to curtail spam, phishing, botnets for network attacks, and malware, issued a "malware warning" yesterday for "is hosted in a very dangerous 'neighborhood,' Webalta's IP address space, a 'blackhat' network which Spamhaus believes caters primarily to, or is under the control of, Russian cybercriminals," Spamhaus said. "Our concern is that any Wikileaks archive posted on a site that is hosted in Webalta space might be infected with malware. Since the main website now transparently redirects visitors to and thus directly into Webalta's controlled IP address space, there is substantial risk that any malware infection would spread widely." strenuously objected to the warning today.

"We find it very disturbing that Spamhaus labels a site as dangerous without even checking if there is any malware on it. We monitor the site and we can guarantee that there is no malware on it," the site said. is only "very loosely" affiliated with the official WikiLeaks effort, a representative told CNET. "In, fact we were caught [by] surprise on last Saturday as we all of a sudden had 1 million hits per day on our Web site. The switch"--when WikiLeaks began redirecting visitors to the official site to"was not discussed with us."

Spamhaus' services for tracking dangerous domains are widely used globally, so the warning carries significant weight. And although Spamhaus said it "takes no political stand on the WikiLeaks affair," its actions pose a further difficulty for those allied with WikiLeaks' cause.

WikiLeaks editor Julian Assange was arrested last week in the U.K. for possible extradition to Sweden, where he faces allegations of sex crimes. Assange denies the alleged crimes. A British judge ruled he could go free on bail yesterday, but prosecutors are appealing that decision. The prosecutors' challenge is expected to be heard tomorrow, according to Reuters.

More directly related to WikiLeaks' mission is the possibility of prosecution in the United States for violation of the Espionage Act.

Spamhaus also warned that is relying on, "a provider run 'by criminals for criminals,'" for Domain Name Service (DNS) needs. DNS is a technology that converts the Web addresses people type into the numeric Internet addresses computers actually use to communicate.

Here again, objected.

"We do not know who else is hosted with Heihachi Ltd and it is none of our business. They provide reliable hosting to us. That's it," said on its Web site.

WikiLeaks is concerned about its reputation. "That's why we contacted Spamhaus to find out if they could remove us from the list," the representative told CNET. Spamhaus hasn't responded, according to the Web site. selected its services to avoid further problems with interrupted Net service, the site said. "WikiLeaks has been pulled from big hosters like Amazon. That's why we are using a 'bulletproof' hoster that does not just kick a site when it gets a letter from government or a big company," the site said.

Spamhaus is not alone in its concern. On Sunday, security company Trend Micro also warned of the connection.

"Heihachi Ltd. is known as a bulletproof, blackhat-hosting provider in Russia that is a safe haven for criminals and fraudsters. It hosts a long list of criminally related domains. Among these domains are banking fraud domains, carders' (criminals who trade stolen credit card information) websites, malware sites, and phishing sites. No matter what your political view is, this is rather disturbing," Trend Micro senior threat researcher Feike Hacquebord said. "We assess the domain as highly risky and we do not recommend visiting this site as long as it is hosted by Heihachi."

Updated 7:17 a.m. PTwith comments from

A view of the site today.
A view of the site today. Screenshot by Stephen Shankland/CNET
Featured Video
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

Roku 4: Our favorite TV streaming system gets 4K video and a remote locator

Ever lose your remote in the couch cushions? Ever wish you could stream 4K Netflix without having to use your TV's built-in app? Roku's new high-end player, the $129 Roku 4, brings these new extras to its best-in-class streaming ecosystem.

by David Katzmaier