Tuesday, February 5, 2008

Click and Link to Malware

Nowadays, malware is not hard to find. In fact, it is everywhere, lurking around the internet. But recently we have observed a more aggressive approach to getting users' attention: advertisements.

Yes, there has been a series of complaints about malicious advertisements. Just two weeks ago, Rapsody.com and Expedia.com were hit by a malicious banner ad, and more websites have been reported since then.

Q: Why is this happening?
A: Because Money is the root of ALL evil

The idea of malware retailing seems to be working now. This business is not a scam or fraud; it is a real $$ business, and we will be seeing more aggressive ways because of the competition among partners.

The simple formula of the malware business is this:

N(Click+Play+Install+M) = N($$$)

Where N is the number of ways it is delivered to net users or surfers. This could be in the form of website or email URL links, banner advertisements, popups, message alert boxes, P2P downloads, bundled software, email attachments, et cetera.

Where M is the number of ideas or strategies for getting more partners to join the business. This could be pay-per-click, pay-per-install, pay-per-play (like previewing movie trailers), taking online surveys, et cetera.

Given this formula, high-traffic websites such as social networks are most at risk and have high potential for infestation by malware retailers.

Three days ago, a Myspace user reported a malicious ad served by Myserver4u.com. The link attempts to download an Adobe Flash file named "gnida.swf". This SWF file is a malicious trojan downloader, which fortunately most AV scanners already detect.

A similar case was also found on Gaiaonline.com, a known community of anime fans, and Genesreunited.com, a No. 1 UK family tree and genealogy site. The malicious ad served by quinquecahue.com attempts to play the SWF trojan and redirects the user to a rogue website. Check the screenshot here.

This threat is increasingly prevalent, and we will be seeing more of it in the next few days. Watch out!