WikiLeaks.info rebuts malware warnings

Spamhaus and Trend Micro regard a Web site that lists mirrors of WikiLeaks sites as dangerous to visit, but WikiLeaks.info contends that its site has no malware.

Stephen Shankland Former Principal Writer

WikiLeaks.info, a site assisting WikiLeaks' effort to share U.S. war information and diplomatic cables, is rebutting online security organizations' warnings that its Web site could be dangerous to visit.

WikiLeaks.info provides a list of sites that mirror the original WikiLeaks content, and in recent days the main WikiLeaks.org Web site has redirected visitors to the WikiLeaks.info mirror page. WikiLeaks.info has grown in importance because of others' moves two weeks ago that made it difficult to reach WikiLeaks.org and led its operators to resurface at WikiLeaks.ch, a Swiss domain.

Spamhaus, a nonprofit volunteer organization that seeks to curtail spam, phishing, botnets for network attacks, and malware, issued a "malware warning" yesterday for WikiLeaks.info.

WikiLeaks.info "is hosted in a very dangerous 'neighborhood,' Webalta's IP address space, a 'blackhat' network which Spamhaus believes caters primarily to, or is under the control of, Russian cybercriminals," Spamhaus said. "Our concern is that any Wikileaks archive posted on a site that is hosted in Webalta space might be infected with malware. Since the main wikileaks.org website now transparently redirects visitors to mirror.wikileaks.info and thus directly into Webalta's controlled IP address space, there is substantial risk that any malware infection would spread widely."

WikiLeaks.info strenuously objected to the warning today.

"We find it very disturbing that Spamhaus labels a site as dangerous without even checking if there is any malware on it. We monitor the wikileaks.info site and we can guarantee that there is no malware on it," the WikiLeaks.info site said.

WikiLeaks.info is only "very loosely" affiliated with the official WikiLeaks effort, a WikiLeaks.info representative told CNET. "In fact, we were caught [by] surprise on last Saturday as we all of a sudden had 1 million hits per day on our Web site. The switch"--when WikiLeaks began redirecting visitors to the official WikiLeaks.org site to WikiLeaks.info--"was not discussed with us."

Spamhaus' services for tracking dangerous domains are widely used globally, so the warning carries significant weight. And although Spamhaus said it "takes no political stand on the WikiLeaks affair," its actions pose a further difficulty for those allied with WikiLeaks' cause.

WikiLeaks editor Julian Assange was arrested last week in the U.K. for possible extradition to Sweden, where he faces allegations of sex crimes. Assange denies the alleged crimes. A British judge ruled he could go free on bail yesterday, but prosecutors are appealing that decision. The prosecutors' challenge is expected to be heard tomorrow, according to Reuters.

More directly related to WikiLeaks' mission is the possibility of prosecution in the United States for violation of the Espionage Act.

Spamhaus also warned that WikiLeaks.info is relying on Heihachi.net, "a provider run 'by criminals for criminals,'" for Domain Name Service (DNS) needs. DNS is a technology that converts the Web addresses people type into the numeric Internet addresses computers actually use to communicate.

Here again, WikiLeaks.info objected.

"We do not know who else is hosted with Heihachi Ltd and it is none of our business. They provide reliable hosting to us. That's it," WikiLeaks.info said on its Web site.

WikiLeaks is concerned about its reputation. "That's why we contacted Spamhaus to find out if they could remove us from the list," the WikiLeaks.info representative told CNET. Spamhaus hasn't responded, according to the WikiLeaks.info Web site.

WikiLeaks.info selected its services to avoid further problems with interrupted Net service, the site said. "WikiLeaks has been pulled from big hosters like Amazon. That's why we are using a 'bulletproof' hoster that does not just kick a site when it gets a letter from government or a big company," the site said.

Spamhaus is not alone in its concern. On Sunday, security company Trend Micro also warned of the Heihachi.net connection.

"Heihachi Ltd. is known as a bulletproof, blackhat-hosting provider in Russia that is a safe haven for criminals and fraudsters. It hosts a long list of criminally related domains. Among these domains are banking fraud domains, carders' (criminals who trade stolen credit card information) websites, malware sites, and phishing sites. No matter what your political view is, this is rather disturbing," Trend Micro senior threat researcher Feike Hacquebord said. "We assess the wikileaks.info domain as highly risky and we do not recommend visiting this site as long as it is hosted by Heihachi."

Updated 7:17 a.m. PT with comments from WikiLeaks.info.

A view of the WikiLeaks.info site today. Screenshot by Stephen Shankland/CNET