Lead Us Not Unto Malware

[Image: jsredirect example]

Who needs enemies when you have friends who might lead you to malware? In truth, of course, there is no stratagem on the part of your friends. Instead, it could be an unfortunate set of circumstances that brings FakeAV or other malware to your doorstep whilst all you wanted to do was say “hello” to your chums via some social networking site or other. Might I suggest phoning a friend?

Essentially, this type of attack works through the following steps:

  1. Poisoning search results with SEO techniques to ensure high popularity for dummy web pages.
  2. Inserting obfuscated JavaScript into said dummy pages, expecting hits from users trying to access a social networking site like facebook.com.
  3. Redirecting users to fake sites which are likely to exploit browser or user (PEBKAC) vulnerabilities to install malware on the computer. This malware can be anything, but in recent times it has tended to be FakeAV. A similar strategy was used during the OTT swine-flu paranoia.

The JavaScript seen today targets the sites listed in the image above. Users attempting to access the sites via links on other pages may be redirected to IP addresses all around the globe. At the time of writing, these IP addresses did not host anything.
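A defender-side way to spot the chain described above in web proxy logs, added here as an example and not taken from the original post: a client lands on a page from a search result and is then sent on to a bare IP address with that page as Referer. The log format, search-engine list, time window and every sample line are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

SEARCH_LABELS = {"google", "bing", "yahoo"}  # assumed search-engine names
WINDOW = 10  # assumed: max seconds between landing and the follow-on request

# Constructed proxy log: epoch-seconds client requested-URL Referer
SAMPLE_LOG = """\
1000 10.0.0.5 http://www.google.com/search?q=facebook+login -
1002 10.0.0.5 http://cheap-widgets.example/fb-login.html http://www.google.com/search?q=facebook+login
1003 10.0.0.5 http://192.0.2.44/scan/ http://cheap-widgets.example/fb-login.html
1010 10.0.0.9 http://www.bing.com/search?q=weather -
1012 10.0.0.9 http://weather.example/today http://www.bing.com/search?q=weather
1013 10.0.0.9 http://cdn.weather.example/app.js http://weather.example/today
"""

def host_of(url):
    return urlsplit(url).hostname or ""

def is_search(host):
    return any(label in SEARCH_LABELS for label in host.split("."))

def is_raw_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def find_chains(log_text):
    """Return (client, landing host, IP URL) for search -> page -> bare-IP hops."""
    landed = {}  # (client, landing host) -> time it was reached from a search page
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, client, url, referer = int(parts[0]), parts[1], parts[2], parts[3]
        dest, src = host_of(url), host_of(referer)
        if is_search(src) and not is_search(dest):
            landed[(client, dest)] = ts
        # Compare hosts only: referrer policies often strip the path.
        elif is_raw_ip(dest) and ts - landed.get((client, src), -WINDOW - 1) <= WINDOW:
            hits.append((client, src, url))
    return hits

if __name__ == "__main__":
    for client, landing, dest in find_chains(SAMPLE_LOG):
        print(f"{client}: search result on {landing} led to bare IP {dest}")
```

Hits are leads for review, not verdicts: internal tools reached by IP address will also match unless their ranges are excluded.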

Therefore, beware of suspicious-looking sites, especially if they have high search popularity. And if you are looking for a friend, forsooth there is but One.