Fake security blogs lead to malware

Posted by   Virus Bulletin on   Feb 4, 2008

Blogger sites play on fears to draw victims to porn, trojans.

According to a report from Aladdin, numerous fake security blogs have been set up on the Google-owned Blogger blogging system, some carrying security news items taken from other sites including Aladdin's own website, and all redirecting to unrelated content, with porn and rogue anti-malware software on offer as well as exploits aiming to infect systems with trojans.

'The use of security-related content is clearly designed to draw traffic to the sites, targeting more alert users who monitor developments in the security world to ensure they keep informed about, and protected from, the latest threats,' said John Hawes, Technical Consultant at Virus Bulletin. 'In this case, the stolen news stories seem to have backfired somewhat by attracting unwanted attention from security firms, who will now surely pay close attention to protecting users from the threats being pushed by these sites, and work extra hard to get them blocked or taken down.'

More details of Aladdin's findings are on their research team's blog here, with more coverage in a Network World piece here.

Posted on 04 February 2008 by Virus Bulletin

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

VB2016 paper: Steam stealers: it's all fun and games until someone's account gets hijacked

Last year, Kaspersky Lab researcher Santiago Pontiroli and PwC's Bart Parys presented a VB2016 paper analysing the malicious threats faced by users of the Steam online gaming platform, and highlighting how organized criminals are making money with…

Research paper shows it may be possible to distinguish malware traffic using TLS

Researchers at Cisco have published a paper describing how it may be possible to use machine learning to distinguish malware command-and-control traffic using TLS from regular enterprise traffic, and to classify malware families based on their…

Is CVE-2017-0199 the new CVE-2012-0158?

After five years of exploitation in a wide variety of attacks, CVE-2012-0158 may have found a successor in CVE-2017-0199, which is taking the Office exploit scene by storm.

Review: BSides London 2017

Virus Bulletin was a proud sponsor of BSides London 2017 - Martijn Grooten reports on a great event.

VB2017: one of the most international security conferences

It is well known that the problem of cybersecurity is a global one that affects users worldwide - but it's also one that has some unique local flavours. With speakers representing at least 24 countries, VB2017 is one of the most international…