Sadly, the spate continues. Chalk another one up for this Arizona .gov site laced with links leading to malware downloads. The URL http://{BLOCKED}.azgu.gov/pupt.asp?Parkid=223 has been found by Trend Micro analysts to carry the following links:
* http:// {BLOCKED}n.shopmedic. info/
* http:// {BLOCKED}s.shopmedic. info/
* http:// {BLOCKED}b.shopmedic. info/
All of the said malicious links lead to the following:

When the continue button is clicked, the browser loads http://{BLOCKED}oft. com/download/502/541/1/, which downloads http://{BLOCKED}oft.com /soft/ temp/502_16c222a_ 1/VideoAccessCodecInstall.exe:

Good thing Trend Micro already detects this as TROJ_ZLOB.DZW. The variants of the ZLOB family, known for posing as video codecs, are notorious downloaders.
Porn and Viagra redirects (the usual fare in recent hacks) are one thing, but malware downloads reek of a more sinister intent.
Nobody has learned, apparently, considering the attacks of the past few days on one ca.gov county site and one superior court site. Hacked legitimate Web sites pose the greatest danger to Internet users today, since attacks like these conveniently dispose of the “hard-and-fast” browsing dictum: to never visit untrusted sites. Now it doesn’t matter where you surf; what matters are the tools you have to protect your browsing experience.
Authorities have been duly notified for site mitigation.
Thanks also to Trend Micro Researcher Erbert Ancheta and Michael Cortes for the additional info.
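For site owners who want to check their own pages for the pattern described above (several links pointing at sibling subdomains of a single off-site domain), here is an added example; it is not Trend Micro's code. The allowlist, the two-label parent-domain shortcut, and the sample hosts are assumptions constructed for illustration.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LinkCollector(HTMLParser):
    """Collect href/src attribute values from every tag."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        self.urls += [v.strip() for k, v in attrs if k in ("href", "src") and v]


def parent_domain(host):
    # Assumption: the last two labels stand in for the registrable domain;
    # a production check would use a public-suffix list.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def audit_links(page_url, html, allowed_parents, min_hosts=2):
    """Return {off-site parent domain: sorted hosts} for clusters of sibling
    subdomains that are neither the site's own nor on its allowlist."""
    collector = LinkCollector()
    collector.feed(html)
    own = parent_domain(urlsplit(page_url).hostname)
    clusters = defaultdict(set)
    for raw in collector.urls:
        host = urlsplit(urljoin(page_url, raw)).hostname  # resolves relative links
        if not host:
            continue  # mailto:, javascript: and similar carry no host
        parent = parent_domain(host)
        if parent != own and parent not in allowed_parents:
            clusters[parent].add(host)
    return {p: sorted(h) for p, h in clusters.items() if len(h) >= min_hosts}


# Constructed sample (reserved .example names, not the hosts from the post).
SAMPLE_URL = "http://parks.agency.example/park.asp?id=1"
SAMPLE_HTML = """
<a href="/about.asp">About</a>
<a href="http://maps.partner.example/az">Map</a>
<a href="http://an.pills.example/">x</a>
<a href="http://bs.pills.example/">y</a>
<a href="http://cb.pills.example/">z</a>
"""

if __name__ == "__main__":
    print(audit_links(SAMPLE_URL, SAMPLE_HTML, {"partner.example"}))
```

Run against a crawl of your own site, any non-empty result is a set of off-site hosts that nobody on the web team put on the allowlist and that deserves a look at the page source and the server behind it.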