SlideShare.Net Exploited to Distribute Malware

According to threat researchers at ESET, namely Pierre-Marc Bureau, David Harley and Sebastián Bortnik who created a blog posting, hackers have been exploiting the Slideshare.net website to distribute malicious software.

The researchers state at the Latin American office of ESET that during August 1-2, 2009, they discovered that the popular social media website was being utilized to spread malware through bogus slide decks by miscreants.

Although these early assaults were comparatively easy to spot, future attacks could be more deceiving.

The ESET report reveals that during the attack, the perpetrators developed slide decks that carried a malicious web-link taking users to a fake website. This website used conventional social engineering tricks to entice unwary victims into visiting Slideshare.net.

According to the researchers, careful users should have got the hint from the presentation of the slide decks themselves, but they (the researchers) have no method to know how effective the attacks were.

Moreover, the presentation contained a linked slide as well as appended the logo of SourceForge.Net so that the download appeared credible.

David Harley said - in case the user follows the web-link, he will be led to a site, which resembles SourceForge.Net, but in reality it is an impersonated site created for malicious objectives. Thereafter, the window will reveal an .exe type file to be downloaded, said Harley, as reported by SCMagazine on August 4, 2009.

When the user performs the download, no antivirus software is installed, rather a malicious program (malware) infects the user. ESET detected this program as Win32/Kryptik.YT.

Additionally, Harley said that Pierre-Marc had been finding differently named files from a URL apparently originating from China. One of those files was identified as Win32/TrojanDownloader.FakeAlert.ADB that led to the download of spurious AV products. When this file put to test with VirusTotal, it revealed good antivirus recognition (31/41).

Hence, researchers advised users to exercise caution while performing downloads since there could be sudden misuse of any platform to spread malware. More specifically, citing the current instance, they said that it was clearly sensible to download security software only from their authorized sites.

» SPAMfighter News - 8/25/2009