Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in your inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
Go
-->

.gov Domain Divert Users to Adult Websites Pushing Adware

According to a warning from security researchers, the DNS (Domain Name Server) of different .gov space have been compromised and made to host web-pages which divert visitors to adult websites. It appears the compromise has been done for distributing an adware named FLVDirect.

An antivirus software firm 'VIPRE' detected this adware as Win32.FLVDirectPlayer.

It has also been found that the adware produces a file which loads the FlvDirect Media Player program. Normally, this program comes packed with one more adware identified as Adware:Win32/LoudMo. There is an ID in these installers that can be checked. If an associate firm deploys a large number of installers, it is paid more money for doing the job.

The sub-domains seem to be hosted on a server that accepts the Internet Protocol address 66.49.238.80. This Internet Protocol own by Canaca-com Inc, a company that sells VPS and Web-hosting utilities.

The Win32/FlvDirect adware is obtainable from the FlvDirect Media Player Internet site and it's also possible to camouflage it as other applications.

Moreover, once the program is executed, it may exhibit a splash computer screen. There may also be an icon and a message appears on the installation software that the user alongside FLV Direct agrees to load 'LoudMo Contextual Ad Assistant.' This second software reportedly takes the guise of a code producer.

The researchers state that a partner of FLV Direct seems to have compromised a DNS as well as appropriated the Kansas state government website's name for diverting users to the FLVDirect site, as reported by Sunbelt BLOG on July 14, 2010.

Apart from the Kansas state government website, several others have been appropriated as well. These are: tubes-0611.uppersiouxcommunity-nsn.gov/1244.html, tubes-1111.yanceycountync.gov/1136.html, tubes-1011.dumontnj.gov/898.html and tubes-0511.woodfin-nc.gov/163.html.

Besides, the cyber criminals have set up sub-domains pertaining to tubes ####, where # represents a numerical digit, on each and every hacked domain.

It further seems that the .gov site names have been appropriated to divert users to the XXXBlackBook.com adult dating website, state the researchers.

Hence, it is advisable that users always keep their security software up-to-date to ensure self-protection from PC worms, viruses and other malicious programs.

Related article: “Loopholes did not cause online banking thefts”: ICBC

» SPAMfighter News - 29-07-2010

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next