Fake Blogs Spreading Malwares
Attackers are using different different techniques to spread malwares to infect Internet users computers. Now they are using fake blogs and forums to spread the Malwares. Trend Lab have discovered several fake blogs hosted on a popular and trusted blog publishing tool that have been inserted with a malicious IFrame to redirect users to a porn Web site. Here’s a screenshot of a fake blog:
These blogs redirects users to porn websites while inserting the following script code.
There are some other types of blogs also. They don’t make any sense, they just have a series of words type to just make a blog post. hey contain links to “Movies, Pictures, Videos” however. When clicked they redirect users to this porn site that promises free videos:
When users try to view any video, These blogs ask users to download Codec to view the video.
The codec supposedly could be downloaded from the URL http://ultimate-x-{BLOCKED}s.net/up/UltimateVideoCodec-71.exe. The said site is inaccessible, however, and further investigation reveals that hackers made some mistake here. The URL should be http://online-x-{BLOCKED}s.net/up/UltimateVideoCodec-71.exe.
Trend Micro detects the file UltimateVideoCodec-71.exe-1 as TROJ_DROPPER.BX. Upon execution, this Trojan drops the file Xml2u32h.dll, detected as TROJ_BHO.EZ.
Trend Lab has discovered over thousands blogs of this type, which are believed to be created by the malicious users themselves just for this particular operation. Users may be lured easily into clicking links in blogs with legitimate or reputable domains and they may not consider what’s posted inside as being potentially dangerous to their systems.
Users are advised to be careful in clicking links and in downloading files even if these links are posted in legitimate blogs.
September 26th, 2008 at 7:54 AM
It gives an insight about online threats for newbies…
Useful one….
Stumbled…
September 28th, 2008 at 8:11 AM
I too had to face some of these blogs. Blogger should do something in this regard.