" Malicious links "

Malware on Digg, YouTube

By Sean-Paul Correll of PandaLabs

A few weeks ago we talked about cyber-criminals using Digg.com to spread malware. Today we see that the very same group responsible for the Digg.com incident was using the same tactic on YouTube through the use of YouTube’s Annotations feature. Video Annotations is a way to add interactive commentary to videos on YouTube.

The following image displays a video using the annotations feature to guide users over to a malware-ridden website:

Although the YouTube description malware is not as prevalent as the Digg.com comment abuse, it does show that social media websites are increasingly being used to spread malware. We expect to see plenty of new examples similar to this throughout 2009.

Thanks to Dancho Danchev for the information.

Ever heard the term “Rickrolling”? Malware distributors have…

By Sean-Paul Correll of PandaLabs

Rickrolling is an Internet meme typically involving the music video for the 1987 Rick Astley song “Never Gonna Give You Up”. The meme is a bait and switch: a person provides a web link that he or she claims is relevant to the topic at hand, but the link actually takes the user to the Astley video.

Over the past few months we have noticed attacker efforts to maximize blackhat SEO tactics and increase infection rates at the same time by abusing the popular social news aggregator site, Digg.com. Digg allows users to create an account, submit, vote, and comment on news stories.

Malware distributors have been creating false stories with catchy subject lines in an attempt to bait (Rickroll) users into clicking links leading to an infection. In some cases the attackers do not create the news story themselves, instead linking to others' relevant content. Below is an example of the attacker (in red) trying to take advantage of a valid Digg submission. The malicious comment reads, “Heath Ledger naked in the shower, playing with herself.” and is posted to a relevant story about Heath Ledger. The “playing with herself” part is a bit confusing, but my guess is that the attackers are using automation scripts to auto-generate content based on topic relevancy or that they are manually doing this and have no idea who Heath Ledger is. Most likely the former…

My initial search identified 52 accounts posting news stories or comments with malicious URIs. The links all point to various fake codec sites, which lead to rogue anti-malware infections.

Some of the titles include:

Christian Bale freak out dubbed with video!
Christian Bale Terminator Salvation Takes it Up the Ass
Hot and sexy model Mayuko Lwasa in bikini
Pregnant Ujwala Raut in Bikini
megan fox naked secret videos
Sexy Megan Fox having sex Sex Tape, rally nice and hot video
Megan Fox naked NEW SEX TAPE
Robert Pattinson: fotos, vídeos, história
Jessica Simpson Hotel Sex Tape
Batman is Naked aka Christian Bale
Watch Grey’s Anatomy Season 5 online here
Breaks Season 4 Episode 9
Emma Watson Nude Video
Watch Emma Watson Sex Tape online here
Paris Hilton Sex Tape Update
Naked Truth on Celebrity News and Edison Chen Sex Scandal
Paris Hilton sex tape! Paris Hilton nude, naked movie!
Celebrity and Angelina Jolie nude, naked, in bikini, gallery
Tila Tequila topless nude and naked sex-porn gallery
Alyssa Milano nude, naked, sex tape – free gallery!
Lindsay Lohan’s nude Marilyn shoot
Heath Ledger naked in shower, playing with herself!!

Fake Codec Sites:

New Version of MS Antispyware 2009: