CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
July 16th, 2010

Government .gov Domains DNS Hijacked, Point To Adult Content And Push Adware

Security researchers warn that various domains in the .gov space had their DNS hijacked and are hosting pages that redirect users to adult websites. The hijacking seems to be part of a scheme to push FLVDirect adware.

Apparently, FLVDirect affiliates are abusing several government domains, including, but not limited to, yanceycountync.gov, uppersiouxcommunity-nsn.gov, woodfin-nc.gov, dumontnj.gov and emporia-kansas.gov, to trick users into downloading and installing adware on their computers. The attackers have managed to create sub-domains of the form tubes-####.* (where # is a single digit) on all of the affected domains.

“It looks like their DNS has been hijacked and those sub domains point to servers that are not under their control,” researchers from Sunbelt Software, who analyzed the attack, write. Pages hosted on the rogue sub-domains are riddled with keywords and are being used in a black hat search engine optimization (BHSEO) campaign to poison search results for queries related to adult content. Such techniques are commonly employed by cyber crooks to infect unsuspecting users looking for information on current events with scareware.

Visiting any of the pages hosted on the rogue sub-domains redirects users to either an FLVDirect affiliate site promising hundreds of hours of adult videos for free or an adult dating community. FLVDirect is a well-known piece of adware – an application designed to display unsolicited ads once installed on a computer.

“Adware:Win32/FlvDirect is the detection for a file that installs the program ‘FlvDirect Media Player’. This program is usually bundled with another adware program detected as Adware:Win32/LoudMo. These installers contain an ID, which can be monitored; the more installers are deployed, the more an affiliate company is paid for deploying the installer,” Microsoft explains.

All the sub-domains appear to be hosted on a server responding to 66.49.238.80. This IP address belongs to a company called Canaca-com Inc, which sells Web hosting and VPS hosting services.
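For a zone owner, the two indicators reported above (the tubes-#### label and an address outside the owner's own hosting) can be checked against an export of the zone's A records. The following is an added example, not code from the article or from Sunbelt Software; the zone lines are constructed, and the approved range 192.0.2.0/24 is a documentation placeholder standing in for the owner's real networks.

```python
import ipaddress
import re

# Label pattern reported in the article: tubes-#### (# = single digit).
ROGUE_LABEL = re.compile(r"^tubes-\d{4}$")

# Constructed zone export (name, type, value); addresses in 192.0.2.0/24 are
# documentation placeholders standing in for the owner's real hosting.
SAMPLE_ZONE = """\
www.yanceycountync.gov. A 192.0.2.10
mail.yanceycountync.gov. A 192.0.2.25
tubes-4821.yanceycountync.gov. A 66.49.238.80
gis.yanceycountync.gov. A 66.49.238.80
tubes-old.yanceycountync.gov. A 192.0.2.30
"""

def audit_zone(zone_text, approved_cidrs):
    """Return (name, ip, reasons) for each A record that looks unauthorized."""
    approved = [ipaddress.ip_network(c) for c in approved_cidrs]
    findings = []
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) != 3 or fields[1].upper() != "A":
            continue  # skip blanks, comments and non-A records
        name, _, value = fields
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            findings.append((name, value, ["malformed address"]))
            continue
        reasons = []
        leftmost = name.rstrip(".").split(".")[0].lower()
        if ROGUE_LABEL.match(leftmost):
            reasons.append("label matches tubes-####")
        if not any(ip in net for net in approved):
            reasons.append("address outside approved networks")
        if reasons:
            findings.append((name, value, reasons))
    return findings

if __name__ == "__main__":
    for name, ip, reasons in audit_zone(SAMPLE_ZONE, ["192.0.2.0/24"]):
        print(f"{name} -> {ip}: {', '.join(reasons)}")
```

The address check is the more durable of the two: it also flags a record such as the constructed gis entry, which points at the same outside server without using the tubes-#### naming.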

Credit: Softpedia.com News
