Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Amateur blog sites used in Trojan redirect campaign.

Aladdin Knowledge Systems : 01 February, 2008  (Technical Article)
Hackers have started using blogware to create phoney sites which victims land on from search engines to be redirected to pornography sites or Trojan carrying pages.
On Thursday, Jan 31st, the Aladdin eSafe Content Security Response Team uncovered a new malware infection method that lures Web surfers inquiring about security information into a security blog which then redirects them to random porn and other unwanted Web sites, infecting them with malware.

In most cases, the visitor is automatically redirected from the blog page to a randomly selected pornographic site, and in some cases, to rogue security sites (sites that offer fake security applications and actually infect with spyware or Trojans)., a Google company, is the most popular free blog with tools for creating and hosting blogs. Creating and editing blogs on Blogger is fairly simple, as any users can sign up for an account, choose a template for the appearance of his blog, and be up and running within minutes. Blogger allows its users to add and arrange page elements merely by dragging and clicking. Malware distributors are utilizing this feature to plant malicious scripts inside scam-filled blogs that redirect the victim to a wide range of Web sites harbouring various kinds of malware.

The Aladdin eSafe CSRT took notice of a blog hosted on Blogger which published, to much surprise, a 2006 news entry originally posted on Visiting this blog triggers a malicious JavaScript which redirects the victim to a variety of malicious Web sites that distribute many kinds of malware -- including Trojans, backdoors, rogue applications, and more.

Features of the threat are:.

1 Blog hosted on Google - security related links.
2 Redirect automatically to random site.
3 Web site is porn (90%) or a rogue security app.
4 Site contains exploit to infect with Trojan.
5 Seemly undetectable by most AV vendors.

Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo