Nov9
4:56 am (UTC-7)   |   by Jonell Baltazar (Advanced Threats Researcher)

We are seeing another development from the Koobface botnet, this time abusing the Google-owned service Google Reader to spam malicious URLs in social networking sites such as Facebook, MySpace, and Twitter.

The Koobface gang used controlled Google Reader accounts to host URLs containing an image that resembles a flash movie. These URLs are spammed through the said social networks. When the user clicks the image or the title of the shared content, it leads to the all-too-familiar fake YouTube page that hosts the Koobface downloader component.

Click for larger view Click for larger view

Google Reader is a free service offered by Google that allows users to monitor websites for new content. It also allows the users to share content from the websites. Any user online can view these pages as they are shared with the public. Sharing any Google Reader page publicly is easy as anyone can click on the share icon in his or her Reader page and the content will appear on his or her public page

 

This ability to share content with the public was abused by cybercriminals to use the Google Reader domain to spam malicious links.

We have already contacted Google about this matter to remove the malicious content. As of now we’ve found 1,300 Google Reader accounts used for this attack. The spam URLs hosted through these accounts are now blocked.

If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!



This entry was posted on Monday, November 9th, 2009 at 4:56 am and is filed under Malware, Spam . Both comments and pings are currently closed.



27 Responses to “Koobface Abuses Google Reader Pages”

Trackbacks

  1. Koobface Abuses Google Reader Pages | Malware Blog | Trend Micro « "The CTI Blog"
  2. TrendMicro (TrendMicro)
  3. DeclanmWaters (Declan Waters)
  4. UKAGExtensionIT (UK Extension IT NEWS)
  5. UnderForge of Lack » Blog Archive » 2009.11.10 火曜日
  6. InfoSec Daily » ISD Episode 4
  7. kool-gadgets.com » Bot Herders Used Google Apps To Spread Malware
  8. Menardconnect (Menard Osena)
  9. Hola PO! » Google Reader infectado de virus
  10. Google Reader infectado de virus : Blogografia
  11. Un virus infecta más de mil cuentas de Google Reader Un virus infecta más de mil cuentas de Google Reader « arrayexception.com - Tecnologia y Desarrollo
  12. Un virus infecta más de mil cuentas de Google Reader | Inicio Mio
  13. Web-Seiten: Koobface jetzt in Google Reader
  14. Pages web: Koobface maintenant dans Google Reader
  15. Best web apps: Koobface now in Google Reader
  16. Applicazioni Google aggridite dal malware | Sicurezza&Privacy.Trovare.Info
  17. Blight Watch » Blog Archive » Koobface Attacking Facebook
  18. Google Reader, ¿’crackeado’? | GrupoHidalgo.com
  19. Google Reader infectado de virus | Ricón de Ocio
  20. Social Media Security » Social Media Security Podcast 5 – Google Reader, Privacy, Wave, ChromeOS and Foursquare
  21. Google Reader infectado de virus
  22. Koobface manipula las páginas de Google Reader » Countermeasures
  23. Koobface botnet enters the Xmas season | Zero Day | ZDNet.com
  24. Attenzione al nuovo virus di Google Reader | GeekTwice
  25. Attenzione al nuovo virus di Google Reader | Risorse Free
  26. 2010 – Year of the Zombie Cloud? » CounterMeasures
  27. 2010 – Year Of The Zombie Cloud? | Business Computing World



 
TrendWatch Hijack This Web Protection Add-On
Free Online Virus Scan Rootkit Buster Submit Suspicious Files
Global Malware Map RUBotted? Trend Micro
 



    		 
© Copyright 2010 Trend Micro Inc. All rights reserved. Legal Notice