A little discussion on blog-hosted malware

Published: 2007-12-30
Last Updated: 2007-12-31 23:56:08 UTC
by Toby Kohlenberg (Version: 1)
0 comment(s)

Tom Mercado over at TeMerc has posted some discussion around the increasing amount of malware showing up on Blogspot:

http://temerc.com/phpBB2/viewtopic.php?p=3427118&sid=a9a9ac1a1a681537c20fac3ebbfeba89#3427118

He has a couple of good links to further analysis and details that make it a good read.

Update

We've had an e-mail in today from Ian who highlighted a potential AV false positive which we are still looking at. However, it was interesting to note that this issue manifested itself into blogspot hosted malware.

(Warning Will Robinson, Malware Ahead)

hxxp://katuvideo.blogspot.com/2007/12/jssanza.html

which reports to host a video downloaded from hxxp://klikme.cn

which tries to download hxxp://katuvideo.blogspot.com/2007/12/jssanza.html which tries to download a binary, which has very poor VT pickup:

File install_video_3913230.exe received on 12.31.2007 13:13:31 (CET)
Current status:  finished
Result: 8/32 (25%)

 So, watch those wiered blogspots! This is just an example of how quickly the AV issue with CA Antivirus was used as a method to trick people into installing malware.

Keywords:
0 comment(s)

Comments


Diary Archives