Camouflaging malware URLs

February 14, 2008 on 8:28 pm | In Malware analysis | 3 Comments

Recently we have seen a trend of spam mails that are using camouflaged links to get you to a malware ditributing site.

Two examples that worked when tested on february 8 2008:
Follow the leader

If you look closely you will notice that they will both redirect you to my subdomain at geekstogo but at first sight most users might expect to see search results, rather then being sent somewhere.

Of course the malware distributors are not as nice as I am. 🙂
I just sent you to the site, but with the same effort there will be a (php or other) script waiting for you that dumps a trojan on your computer.

I stole those two tricks out of mails sent by the same distributor and I would have ended up installing the rogue VirusHeat if I wouldn’t have gone in expecting the worst and protected accordingly.
Both mails promised me a video with Britney and not one recorded while she was making music. 😉

Yahoo seems to have fixed the problem with their redirect service in the meantime.

Powered by WordPress with Pool theme design by Borja Fernandez.
Entries and comments feeds. Valid XHTML and CSS. ^Top^