• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Bad Sites   »   Government Sites Tainted with Sexy Star Video Lures

Government Sites Tainted with Sexy Star Video Lures

  • Posted on:June 1, 2009 at 7:40 pm
  • Posted in:Bad Sites, Malware, Spam
  • Author:
    Ailene Dela Rosa (Technical Communications)
5

Early last week we alerted a government agency about one of the pages in their site that appears to have been injected with malicious frames. The San Bernardino County site’s probation page was, during that time, carrying a frame that directs users to a known disease vector under the domain videosdivx(dot)net. The target URL bear the strings “KATRINA+HALILI+NUDE” which suggests that videos or pictures of the Filipino actress may be viewed from the URL. Halili is currently involved in a much talked about sex video scandal proliferating in the Philippines.

While the site is now clean, Threat Analyst Joseph Pacamarra found another attack capitalizing on the same sex video scandal, this time using the Ask George website, the state-wide information portal of Washington DC in the US. Accessing the said page, which had been injected with a script containing the words “katrina+halili+sexy+pic,” redirects to a site under a certain hot-unlikely-tube(dot)com domain.

Click

Clicking on the black screen, the user is informed that s/he needs to download a codec to be able to watch the video. But instead of a codec, the user downloads malware: TROJ_DLOAD.TID and its payload, TROJ_COGNAC.J.

Click

TROJ_COGNAC.J is saved as b.exe. It modifies the system registry to make sure it runs at every startup. It assists TROJ_DLOAD.TID in downloading files named qwerce.gif and a.exe from different URLs. As of this writing, the .gif file is non-malicious, and the URL that downloads a.exe is not accessible. While this means little danger for current victims of these attacks, the actual contents of the URLs may actually change any time to exhibit more dangerous side-effects.

The affected pages from the said site appear to have been modified last May 30, early morning US time. (Updated June 2, 22:40 PM PST: We have verified that the affected site is now clean as of this writing. Website administrators are advised to conduct penetration testing for their sites especially for high-traffic and high-interactivity ones.)

Learn how to protect Enterprises, Small Businesses, and Home Users from ransomware:
ENTERPRISE »
SMALL BUSINESS»
HOME»

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Recent Posts

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits
  • August Patch Tuesday Fixes Critical IE, Important Windows Vulnerabilities Exploited in the Wild
  • Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.