Malicious URLs arrive on Digg Web portal

According to PandaLabs threat researcher Sean-Paul Correll, malware distributors are now using rogue URLs on the Digg news aggregation portal to persuade Internet users to click through and become infected.

By placing URLs on the Digg pages that ostensibly link to interesting stories, Correll says that internet users are getting infected with malware.

The process is apparently known in hacking circles as RickRolling, and is named after the 1997 Rick Astley song "Never gonna give you up."

The real term in fraud circles, Infosecurity notes, is `bait and switch,' a process in which shoppers are lured into a transaction for a given product or service and which is then switched at the last minute.

PandaLabs' Correll says he has discovered several dozen `celebrities' posting stories or comments with malicious URLs on Digg that route to video files which turn out to be routes for adware or fake anti-virus applications.

Digg has been notified about the problem and is reported to be taking action, terminating as many as 300 accounts on its service.

The problem, Infosecurity notes, is not confined to Digg, but to any Web site - especially web 2.0 portals - that allow postings from internet users.

Which probably includes a sizeable minority of the hundreds of millions Web sites on the internet - including, ironically enough, which has a forum that allows postings...

What’s hot on Infosecurity Magazine?