CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
June 2nd, 2009

Government Sites Tainted With Malware, Lure Users To Click Sex Videos

Early last week TrendLabs alerted a government agency that one of the pages on its site appeared to have been injected with malicious frames. The San Bernardino County site’s probation page was, at that time, carrying a frame that directed users to a known disease vector under the domain videosdivx(dot)net. The target URL bears the string “KATRINA+HALILI+NUDE”, which suggests that videos or pictures of the Filipino actress may be viewed from the URL. Halili is currently involved in a much-talked-about sex video scandal proliferating in the Philippines.

While that site is now clean, Threat Analyst Joseph Pacamarra found another attack capitalizing on the same sex video scandal, this time using the Ask George website, the state-wide information portal of Washington DC in the US. Accessing the affected page, which had been injected with a script containing the words “katrina+halili+sexy+pic,” redirects the user to the site http://hot-unlikely-tube.com/xplaymovie.php?id=40039

Clicking on the black screen, the user is informed that he needs to download a codec to be able to watch the video. But instead of a codec, the user downloads malware: TROJ_DLOAD.TID and its payload, TROJ_COGNAC.J.

TROJ_COGNAC.J is saved as b.exe. It modifies the system registry to make sure it runs at every startup. It assists TROJ_DLOAD.TID in downloading files named qwerce.gif and a.exe from different URLs. As of this writing, the .gif file is non-malicious, and the URL that downloads a.exe is not accessible. While this means little danger for current victims of these attacks, the content served from those URLs may change at any time to exhibit more dangerous side-effects.

The affected pages from Ask George appear to have been modified on May 30, early morning US time.

Credit: Ailene Dela Rosa, Trend Micro TrendLabs
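
For site owners, one way to check a page for the kind of injected frame or script described above is to list every iframe, frame and script element that loads from a host outside the site's own allowlist. This is an added example, not code from TrendLabs or the original article; the allowlist, host names and sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote_plus

# Assumption: the only hosts this site legitimately loads frames/scripts from.
ALLOWED_HOSTS = {"www.example.gov", "example.gov"}

# Constructed sample page: two legitimate scripts and one injected frame.
SAMPLE_PAGE = """<html><body>
<h1>Probation Department</h1>
<script src="/js/menu.js"></script>
<iframe src="http://lure-host.example/search?q=CELEBRITY+NAME+VIDEO"></iframe>
<script src="https://www.example.gov/js/site.js"></script>
</body></html>"""


class FrameScriptAudit(HTMLParser):
    """Collect iframe/frame/script elements that load from off-site hosts."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "frame", "script"):
            return
        src = dict(attrs).get("src")
        if not src:
            return
        parts = urlsplit(src)
        host = (parts.hostname or "").lower()
        # Relative URLs carry no host and stay on the site itself.
        if host and host not in self.allowed:
            line, _ = self.getpos()
            # Decode the query so '+'-joined lure keywords are readable.
            self.findings.append((line, tag, host, unquote_plus(parts.query)))


def audit_page(html, allowed_hosts=ALLOWED_HOSTS):
    """Return (line, tag, host, decoded_query) for each off-site load."""
    parser = FrameScriptAudit(allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for line, tag, host, query in audit_page(SAMPLE_PAGE):
        print(f"line {line}: <{tag}> loads from {host} ({query})")
```

Run against the published copy of each page on a schedule and compare the findings with the last known-good run; a new off-site host is the signal to investigate.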
