Malicious URLs arrive on Digg Web portal

12 February 2009

The ingenuity of malware distributors has reached new levels - or depths - depending on your point of view.

According to PandaLabs threat researcher Sean-Paul Correll, malware distributors are now using rogue URLs on the Digg news aggregation portal to persuade Internet users to click through and become infected.

Correll says that URLs placed on Digg pages, ostensibly linking to interesting stories, are leading internet users to become infected with malware.

The process is apparently known in hacking circles as RickRolling, and is named after the 1997 Rick Astley song "Never gonna give you up."

The real term in fraud circles, Infosecurity notes, is 'bait and switch', a process in which shoppers are lured into a transaction for a given product or service, which is then switched at the last minute.

PandaLabs' Correll says he has discovered several dozen 'celebrities' posting stories or comments with malicious URLs on Digg that lead to video files, which turn out to be routes for adware or fake anti-virus applications.

Digg has been notified about the problem and is reported to be taking action, terminating as many as 300 accounts on its service.

The problem, Infosecurity notes, is not confined to Digg, but applies to any Web site - especially web 2.0 portals - that allows postings from internet users.

Which probably includes a sizeable minority of the hundreds of millions of Web sites on the internet - including, ironically enough, www.rickastley.co.uk, which has a forum that allows postings...

This article is featured in:
Internet and Network Security

 
