All opinions expressed on this blog are my own and do not reflect those of BIET Jhansi students and employees, staff, or any official whatsoever, colleagues, family or friends. I express my opinions as a free citizen of a democracy exercising my Fundamental Right of speech. The intention of this blog is merely to air my views and opinions (and sometimes, frustration) and is not intended to insult, instigate, disgrace or hurt anyone (body, organisation or institution). Anyone is free to disagree with any or all of my views and can express them here or elsewhere. Any civil dialogue that is not unreasonably hurtful is welcome. I, however, reserve the right to delete any comment without any reason or warning. No content of this blog will in any way be a violation UNDER IPC Sections 506 and 295A. Legal issues, if any, will be restricted to the MEERUT jurisdiction only. This blog/web space is in the process of being copyrighted to safeguard my interests erstwhile this be considered to be under the creative commons commercial INDIA License. This space resorts to politically and ethically correct statements, complying with the spirit of blogging. This is an opinion medium, not a reporting medium, and hence should not IN ANY CASE BE TAKEN AS A FUNCTION OF MAINSTREAM MEDIA. The blog complies with the NAAVI guidelines. Thank you, MANOJ SINGH RANA

Friday, October 9, 2009

Lead Us Not Unto Malware


Who needs enemies when you have friends who might lead you to malware? In truth, of course, there is no stratagem on the part of your friends. Instead it could be an unfortunate set of circumstances that brings FakeAV or other malware to your doorstep whilst all you wanted to do was say “hello” to your chums via some social networking site or other. Might I suggest phoning a friend?

Essentially the way this type of attack functions is by taking the following steps:

  1. Search page poisoning exploiting SEO techniques to ensure high popularity for dummy web pages.
  2. Inserting obfuscated JavaScript into said dummy pages expecting hits from users trying to access a social networking site like facebook.com.
  3. Redirecting users to fake sites which are likely to exploit browser or user (PEBKAC) vulnerabilities to install malware on the computer. This malware can be anything but in recent times it has tended to be FakeAV. A similar strategy was used during the OTT swine-flu paranoia.

The JavaScript seen today targets the sites listed in the image above. Users attempting to access the sites via links on other pages may be redirected to IP addresses all around the globe. At the time of writing these IP addresses did not host anything.
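For defenders triaging a suspect landing page, the following added example (not code from this post or from the samples it describes) peels literal encodings off inline scripts without executing them and reports any that navigate to a bare-IP URL. The obfuscation styles it decodes, the `document.referrer` check and the sample page (which uses a documentation-range address) are assumptions made for illustration.

```javascript
// Added example: static triage of inline <script> bodies for hidden redirects to bare-IP hosts.
// Assumed obfuscation: %XX strings passed to unescape() and String.fromCharCode(...) lists.
const IP_URL = /https?:\/\/(\d{1,3}(?:\.\d{1,3}){3})(?![\w.-])(?::\d+)?[^\s"'<>)]*/gi;
const NAV_SINK = /location(?:\.href)?\s*=|location\.(?:replace|assign)\s*\(|document\.write\s*\(/i;

function inlineScripts(html) {
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  return [...html.matchAll(re)].map(m => m[1]).filter(s => s.trim());
}

// Peel up to `rounds` layers of literal encodings; nothing is ever evaluated.
function deobfuscate(src, rounds = 3) {
  let cur = src;
  for (let i = 0; i < rounds; i++) {
    let next = cur.replace(/String\.fromCharCode\(([\d\s,]+)\)/g, (_, list) =>
      JSON.stringify(String.fromCharCode(...list.split(',').map(Number))));
    next = next.replace(/(?:%[0-9a-fA-F]{2})+/g, run => {
      try { return decodeURIComponent(run); } catch { return run; }
    });
    if (next === cur) break;
    cur = next;
  }
  return cur;
}

function triage(html) {
  const findings = [];
  inlineScripts(html).forEach((src, index) => {
    const plain = deobfuscate(src);
    const hosts = new Set();
    for (const m of plain.matchAll(IP_URL))
      if (m[1].split('.').every(o => Number(o) <= 255)) hosts.add(m[1]);
    if (hosts.size === 0) return;
    findings.push({
      script: index,                                      // position among non-empty inline scripts
      ipHosts: [...hosts],
      hidden: ![...hosts].every(h => src.includes(h)),    // IP visible only after decoding
      navigates: NAV_SINK.test(plain),
      referrerGated: /document\.referrer/.test(plain),    // assumed trigger condition
    });
  });
  return findings;
}

// Constructed sample page; 192.0.2.10 is a reserved documentation address.
const SAMPLE = `<html><body><script>var a = 1 + 1;</script>
<script>if (document.referrer.indexOf("search") > -1) {
  window.location = unescape("%68%74%74%70%3a%2f%2f%31%39%32%2e%30%2e%32%2e%31%30%2f");
}</script></body></html>`;
console.log(JSON.stringify(triage(SAMPLE), null, 2));
```

A finding with `hidden` and `navigates` both true is a lead for closer inspection, not a verdict; scripts that build the URL at run time will not be caught by this static pass.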

Therefore beware of suspicious-looking sites especially if they have high search popularity. And if you are looking for a friend, forsooth there is but One.
