Members
  • Total Members: 12814
  • Latest: Rono
Stats
  • Total Posts: 28517
  • Total Topics: 8240
  • Online Today: 976
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Hackers new trick - Google News of baseball death (Troj/Reffor-A, Mal/BadRef-A)  (Read 2063 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


Tragically, the 26-year-old died from an accidental overdose of drugs and alcohol late last year.

This news has only just become widely known after the mainstream media stumbled across the story.

So, how is this a relevant topic for this blog? Well, heartless hackers have set up a website pretending to be a Google News search result about John Odom's death, which installs malicious software onto your computer.

In the above graphic showing search results for John Odom's name, sent to me by Clu-blog reader Pete, you'll see that squeezed between two legitimate news reports from the Chicago Sun-Times and the Seattle Times is a link to a site called news.google.com7newspapers.[censored]

Clu-blog reader Pete, who brought this piece of malware mischief to my attention speculates that the hackers are using a 7 in the domain name because it looks like a /. In other words, the hackers are hoping that people will mistake the link for a genuine report on Google News rather than a website hosting a piece of malicious code.

Because if you do visit the page you'll find a Trojan horse called Troj/Reffor-A is downloaded to your Windows PC.

Of course, many people interested in the story of John C Odom's tragic end may click on links without noticing that they are attempting to disguise their true nature. No doubt we will see many more examples of hackers leaping on to the latest hot terms searched for on search engines in their attempt to infect as many computer as possible.

Customers using the Sophos WS1000 Web Appliance will find that the website hosting the code is blocked as Mal/BadRef-A.

(Sophos)

Samker's Computer Forum - SCforum.info





 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising