Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: A little discussion on blog-hosted malware - SANS Internet Storm Center SANS ISC InfoSec Forums

A little discussion on blog-hosted malware

Tom Mercado over at TeMerc has posted some discussion around the increasing amount of malware showing up on Blogspot:

He has a couple of good links to further analysis and details that make it a good read.


We received an e-mail today from Ian, who highlighted a potential AV false positive that we are still looking at. Interestingly, the issue has already shown up in Blogspot-hosted malware.

(Warning Will Robinson, Malware Ahead)


which purports to host a video downloaded from hxxp://

which tries to download hxxp://, which in turn tries to download a binary with very poor VirusTotal (VT) detection:

File install_video_3913230.exe received on 12.31.2007 13:13:31 (CET)
Current status:  finished
Result: 8/32 (25%)

So, watch those weird blogspots! This is just one example of how quickly the AV issue with CA Antivirus was used as a method to trick people into installing malware.


Dec 31st 2007
