Porn Forums Distribute Malware

 
 
By Matthew Hines | Posted 2008-09-25
 
 
 
 
 
 
 

Online attackers have been authoring blog posts for the sake of luring end users into downloading their malware files for some time, but Trend Micro researchers have now discovered entire Web forums that appear to have been created with similar intentions in mind.

According to a blog post published Thursday by Trend researcher Loucif Kharouni, the AV specialists' threat analysis labs have already found over 300 individual forums on ProBoards.com -- a popular forum portal with thousands of sub-categories -- that were created explicitly for the purpose of passing along malware.

All 300 of the involved forums are adult-themed, and through the attacks, the malware schemers offer forum visitors the chance to view free video files. However, when someone clicks on one of the files being presented, they are redirected to another URL and hit with a Trojan drive-by attack.

In some cases the forum pages ask users to download a codec needed to view the videos, which also loads a Trojan.

The malware being delivered via the forum posts also appears to be changed on a frequent basis, Kharouni reported, with the TROJ_FAKEAV.NN and TROJ_CODECPACK.R examples among the most frequent attacks that Trend has already observed being distributed via the involved URLs.

The researcher said that malware may also be installed on users' systems when they refresh a page as they are redirected to other Web sites.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.

 
 
 
 