Koffix's Web Site Inclusion Criteria
A web site will be included in Koffix if any of the following criterias match:
- SITE exploits security holes in the operating system or in its accompanying software. Content is downloaded from SITE during a security hole exploit. SITE triggers a security hole by iframing, pop-ups, etc. SITE appears in system settings changed during a security hole exploit. Internal code: EXPLOITRELATED.
- Site exploits the Microsoft Internet Explorer ITS Protocol Zone Bypass Vulnerability. Internal code: MSITS.
- SITE hosts content that is classified - by some anti-virus or anti-spyware program - as a trojan, worm, virus, dialer, spyware, etc. Internal code: HOSTSBADCONTENT.
- SITE is contacted by a trojan, worm, virus, dialer, spyware, etc for the purpose of downloading some data, reporting home, etc. Internal code: USEDBYBAD.
- settings/software in a end user's computer are non-consensually changed/installed to redirect/send the user to SITE or more generally promoting SITE. Internal code: NOCONSCHANGE.
- software is non-consensually downloaded to an end user's computer from SITE. Internal code: NOCONSDOWNLOAD.
- SITE appears as a "trusted site" on end users' computers. Internal code: TRUSTEDZONE.
- SITE has been used in phishing attempts.
- SITE promoted in forum spam. Characteristics are: off-topic posts, the same post appearing at more than one forum, multiple posts done during a short period of time. Internal code: FORUMSPAM.
- SITE promoted in email spam. Characteristics are: Unsolicited e-mails, often of commercial nature. Internal code: EMAILSPAM.