Thursday, October 09, 2008

Cybercriminals Abusing Lycos Spain To Serve Malware

Spanish cybercriminals have recently started taking advantage of the bogus accounts at Lycos Spain, which they seem to be registering on their own, by releasing a do-it-yourself malicious link generator redirecting to fake YouTube and Adobe Flash video pages. Whereas the concept of abusing legitimate web services for infection and propagation isn't new, what's new is the fact that the FTP access is efficiently abused

Here's a description of the link generator :

"Download the program and run it asks for an ID (identifier), then copy it and paste it there, then press' Create Installer 'and the program will create the Installer! (this program to run a simulation that is installing the Adobe Flash and indicates to our page that "has been installed Adobe Flash," in order to show the video when YouVideo refresh the page, this you must file tie it in with your server! and what flames or Installer Setup (simulating being an installer)!  Now you need to upload that file you've joined an FTP, click Next and put the path of that file in the next step!"

Whereas the tool is exclusively relying on Lycos Spain to host the binaries and the campaign itself, the recent blackhat SEO campaign relying on pre-registered Windows Live Spaces and AOL Journals syndicating hot Google Trends keywords, further indicates the malicious attacker's capabilities of efficiently abusing legitimate services. And with the process of bogus accounts registration performed automatically, or outsourced entirely, malicious services aiming to automate the abuse process are only going to get more efficient.

No comments:

Post a Comment