Geolocatiedienst Utility of Porn Sites Utilized to Identify Infected PCs’ Location
According to researchers from security firm, Websense, a malware strain has been revealed from infected computers offering adult dating websites. As the service utilizes geo-location service, the location of an infected system can be determined easily without difficulty.
Innumerable malicious programs examined within the firm's laboratory reached out to the URL promos.fling.com/geo/txt.city.php. Initially, the researchers wondered if it was any central command-and-control (C&C) system of a malicious network-of-bots.
The URL marked as "Hottest Place to Hook Up", enticed netizens towards meeting the hottest members in San Diego", the city where the Websense Security Labs is located. And it is at this juncture that the crafty site promos.fling.com/geo/txt.city.php starts its malicious activity.
The investigation displayed that the promos.fling.com was a pornographic site and investigators also found that its geolocatiedienst was utilized for finding out where the visitors were based.
Utilizing Wireshark, one network apparatus for performance during a sale-and-purchase racket of malicious programs taking help of the geo-location service, enables end-users for viewing additional information that is already exposed.
Websense states that over 4,775 items of this still un-named malicious software pushing the assault are with its laboratory. These are perhaps utilized for computing statistical data alternatively infecting PCs within a specified geographical location.
The security company also detected other possible C&C links within the external links pertaining to the said malware items. It found that the links attempted at concealing the malevolent HTTP with the help of a counterfeit string of the user-agent namely "user-Agent: opera/6 (windows NT 5.1; CA; LangID= x86)".
Specialists advise end-users for remaining wary about such uninvited websites that cyber-criminals chiefly use.
» SPAMfighter News - 16-05-2012