Dec 16, 2010 11:31 GMT

Security researchers warn that a highly trafficked unofficial WikiLeaks mirror is hosted by a Russian ISP known as a safe haven for cybercriminal gangs.

Following the publication of leaked US State Department cables, WikiLeaks was kicked out by Amazon and EveryDNS from their respective networks.

In order to ensure that the organization's online presence is not disrupted again, volunteers have mirrored its website on hundreds of servers located around the world.

During this ostracization process, the main WikiLeaks.org domain was caught in an ownership dispute, and it's still not clear who has control over it.

Because of this, the primary domain was moved to WikiLeaks.ch, a fact announced by the organization on its Twitter feed.

However, some days ago, the WikiLeaks.org domain mysteriously started redirecting all traffic to WikiLeaks.info, a site hosted in Russia with a company called Heihachi Ltd., which, according to researchers from Trend Micro, is "known as a bulletproof, blackhat-hosting provider."

WikiLeaks.info does not mirror the most recent version of the website, but an older one that doesn't contain the "Cablegate" documents. Furthermore, it is not listed on the official WikiLeaks mirrors page.

Spamhaus, the world's leading anti-spam outfit, issued a warning about WikiLeaks.info saying: "Our concern is that any Wikileaks archive posted on a site that is hosted in Webalta [Heihachi] space might be infected with malware."

"Spamhaus has for over a year regarded Heihachi as an outfit run 'by criminals for criminals' in the same mould as the criminal Estdomains," the organization added.

WikiLeaks.info owners responded to the accusations by stressing that they constantly monitor the website and guarantee there is no malware on it.

They added that as long as the Russian company offers them reliable hosting that is resilient to takedowns, they don't care about its other customers.

According to Spamhaus, the IRC server used by Anonymous members to communicate is also hosted by the same shady provider.

The WikiLeaks.info team has since changed the page to display a list of official WikiLeaks mirrors located around the world and moved the old version of the website to mirror.wikileaks.info.