CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
June 9th, 2008

Cross-Site Scripting Vulnerability On Dogpile.com Helps Malware Spam Distributors

Over the last few months endless malware campaigns abused Google and DoubleClick redirect links in their spam. Clicking on such safe looking link will result a redirection to a malware hosting site and an infection of user’s Windows running machine.

Even though it took Google some time to close this redirection, the malware authors have successfully switched to Dogpile.com redirection vulnerability. Here is an example of Dogpile.com cross-site scripting vulnerablity that allows redirection of visitors who click a link originating from dogpile.com domain:

http://www.dogpile.com/clickserver/_iceUrlFlag=1?
rawURL=http://CNN.com&0=

It is safe clicking on this link, it will just redirect you to CNN.com. Malware authors are actively using this redirection to infect users by sending them confusing, safe looking links to exploit hosting sites. The sad thing about it is that another redirection vulnerability on Dogpile was discovered and reported back in Novermber 2007. It is still unfixed.

Google has done quite a bit to fix the redirection problem, Dogpile should aslo fix it soon (hopefully), but the party will just move on to a different location. A good example would be a redirection vulnerability on Devicelock.com, reported by XSSed and still unfixed.
DeviceLock, Inc. is a “worldwide leader in endpoint device control security” and on their website they offer a security solution that prevents unauthorized access to USB devices. They are proudly using a Content Managment System (CMS) called Bitrix and here is the redirection example on their website:

http://www.devicelock.com/bitrix/redirect.php?event1=
demo_out&event2=sm_demo&event3=pdemo&goto=http://CNN.com

Lets say an average user is receiving an email with a link like the one above. The email says that he is a winner of some free DeviceLock promotional product and all he needs to do to claim it is clicking that link. User clicks the link, being redirected to a malware hosting site and another Windows machine probably gets infected. Although the number of popular and trusted domains is limited, it seems malware spam techniques will contain various redirection links for a long time.

Share this item with others:

More on CyberInsecure:
  • Facebook Mobile API XSS Vulnerability Used To Launch Spam Worm
  • Another Cross-Site Scripting Vulnerability On eBay Domain Sites Allows Phishing
  • Hacked Obama Site Redirects Visitors to Clinton’s Site
  • Cross-Site Scripting Vulnerability On Paypal Could Be Used In Phishing Attacks
  • Cross-site Scripting Vulnerability Found In MI5 Website By A Hacker

    • Posted in Malware, Spam, Vulnerabilities, XSS | Print This Post Print This Post

    This entry was posted on Monday, June 9th, 2008 at 2:09 am and is filed under Malware, Spam, Vulnerabilities, XSS. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Cross-Site Scripting Vulnerability On Dogpile.com Helps Malware Spam Distributors

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »