Free Online Blogs for Movies May End Up in Trojan Download

As per the recent observation of the security firm Symantec, cyber criminals are dynamically abusing new movie releases for distributing malicious content by typically hosting a blog on a reputed site, which in fact redirects users to a malicious site.

The most recent incident can be traced as the movie "Obsessed", released in April 2009. In order to view it online for free, users could search for some phrase that contains keywords like free, movie, watch, online, etc., together with the name of the movie. One such search result for "Obsessed movie online free full video" is provided by digg.com that is flooded with the movie-related keywords.

Deepak Patil, malware Analyst at Symantec India, claimed that deeper investigations disclosed that attackers have posted multiple similar posts on blogspot.com, as per the news published by SCMagazine on August 21, 2009.

He further added that these blogs by attackers embrace a malicious link that redirects users to malware-hosting websites by means of multiple redirections. This provides attackers the privilege of continually shifting the site which ultimately delivers the malware.

The provided link, on being clicked by the user, redirects him to a blog post on blogspot.com. Again, the user's click on an image appearing to be a video player window, results into the downloading of a codec.

Some more movies in this list include Friday the 13th, State of Play, Hotel of Dogs and InkHeart. The cyber criminals are continuously seeking for new movie releases so as to fulfill their malicious intents by spreading malware.

It is noteworthy that the malware-hosting site where users are being directed is serving malicious code both for Windows as well as Mac OS. This finds relation with the browser's user-agent string, i.e. a Windows browser agent is delivered a Trojan that is intended for the Windows platform while Trojan intended for a Mac operating system is delivered for a Mac OS browser agent.

Symantec has detected this threat as OSX.RSPlug.A for Mac OS and Trojan.Fakeavalert for Windows. Users need to be wary of such social engineering tactics and should implement caution while visiting such free movie sites, suggested Symantec.

Related article: Free Web Host Services: spammer’s bull’s eye

» SPAMfighter News - 9/16/2009