Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    July 2014
    S M T W T F S
    « Jun    
     12345
    6789101112
    13141516171819
    20212223242526
    2728293031  
  • About Us

    A site dubbing itself as the world’s largest podcast directory has been compromised! Even Google cautions about visiting the site, warning the user that it “may harm your computer.”

    The site, hxxp://www.pod-planet.com, seemingly contains a redirector string, such that a visit to the site’s main page (hxxp://www.pod-planet.com/index.asp) will automatically lead users to http://www.{BLOCKED}e8.com/app/helptop.do, which in turn downloads a malicious file from http://www.{BLOCKED}e8.com/app/wm.exe. Trend Micro detects the downloaded file as TSPY_WOWAR.AG.

    Once again playing culprit to this series of redirections is injected code, which has been obviously obfuscated to deter possible analysis. Obfuscation — normally done to protect direct copying of personal code — may actually prove detrimental to a malware (spyware) author in this case, as it may be proof enough that a chunk of illegible characters is present in a fully legitimate site.

    Diligence is required of any Webmaster, and indeed much of it is needed in this robust era of Web threats. Such is truly applicable if one plans to call itself as the “largest podcast directory” on the Net, as malware writers are all too eager — and fully capable — to transform this “largest directory” to serve heapings of malicious intent.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    Comments are closed.



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice