A little discussion on blog-hosted malware
Tom Mercado over at TeMerc has posted some discussion around the increasing amount of malware showing up on Blogspot:
http://temerc.com/phpBB2/viewtopic.php?p=3427118&sid=a9a9ac1a1a681537c20fac3ebbfeba89#3427118
He has a couple of good links to further analysis and details that make it a good read.
Update
We had an e-mail in today from Ian, who highlighted a potential AV false positive which we are still looking at. However, it was interesting to note that this issue manifested itself in Blogspot-hosted malware.
(Warning Will Robinson, Malware Ahead)
hxxp://katuvideo.blogspot.com/2007/12/jssanza.html
which purports to host a video downloaded from hxxp://klikme.cn
which tries to download hxxp://katuvideo.blogspot.com/2007/12/jssanza.html, which in turn tries to download a binary that has very poor VirusTotal (VT) pickup:
File install_video_3913230.exe received on 12.31.2007 13:13:31 (CET)
Current status: finished
Result: 8/32 (25%)
So, watch those weird Blogspots! This is just an example of how quickly the AV issue with CA Antivirus was used as a method to trick people into installing malware.