It seems that Blackhat spam SEO is getting more and more effective, allowing attackers to spread malware and adware. Spammers can now easily infect thousands of websites in order to rank high in popular searches and trick users into surfings to their malicious pages.
Attackers are never short of ideas for disguising their malware or adware as legitimate software. While following some of the spam links I recently discovered, I stumbled upon a free video site which attempts to get users to install both the Zango and LoudMo adware.
First, an ad for VLC, a popular open-source video player, pops up. However, the executable downloaded is actually Zango adware. Only 8 antivirus vendors out of 42 find this particular piece of adware. This malicious file is only 20KB, compared to the official, and clean, 18.6MB official executable file for VLC.
 |
| This VLC executable comes with a spyware |
Then, at another site, in order to watch a movie, a user is prompted to download the Bing toolbar. This download however actually contains the Loudmo spyware (caught by only 10 antivirus vendors) that I had mentioned in a previous post.
 |
| Second attempt to install an adware |
As always, users should be aware to not download any software outside of official websites, and should not rely on their antivirus to sort out the bad from the good.
These adware attacks are a major source of revenue for websites that distribute copyrighted material such as pirated novies, as they cannot participate in legitimate advertising networks. I've found several websites offering free movie downloads which linked to these 2 sites.
-- Julien
