Wednesday, May 20, 2009

Massive spread of malware through fake entertainment sites

Spreading malicious code through various methods of deception is an essential part of the propagation cycle that malware developers employ.

Internet resources offered for entertainment are often among the targets most exploited for disseminating harmful code, and in that regard I have received many inquiries about whether sites hosting children's entertainment material carry any injected malicious code or malware downloads.

A concrete example is the deception strategy that uses social engineering to exploit the visual resources that users search for in the massive cloud of information, of which I have shown several examples.

In this regard, among the other alternatives engendered in the mind of a malicious developer, sites are created intentionally for the spread of malicious code.

For example, a fake eMule project site (the famous client for downloading files via P2P networks), from which you download a binary called
It currently has a very low detection rate: only 3 of 40 antivirus engines.

There is also a fake site for the video player Live Player, from which you download an executable named
It is detected by 9 of 40 antivirus engines.

This is being actively exploited through a campaign that relies on widely used website promotion programs. The domains involved are:


These sites even achieve good positioning in search results, perhaps through Black Hat SEO techniques.

This proves the "enthusiasm" that the creators and disseminators of malware put into these criminal acts, clearly seeking to mislead users by drawing their attention with propaganda methods that promote malware through fake sites.

