An online movie blog that is accessed via Digg is distributing Trojan downloaders via a malicious video player window.
Symantec claimed that it had recently observed attackers actively exploiting new movie releases to distribute malware. The general practice is to host a blog on a reputable site that in actual fact redirects users to a malicious website hosting malware.
The movie ‘Obsessed’ was released in April this year and starred R&B singer Beyoncé Knowles. In order to watch it online for free, users can search for a phrase that includes keywords such as movie, free, video, online, watch, etc., along with the movie's name.
Therefore a search for ‘Obsessed movie online free full video’ offers a result from digg.com that is flooded with keywords related to the movie. However, when a user clicks on the link, it redirects to a blog hosted on blogspot.com. Once the user clicks on an image that appears to be a video player window, it redirects to a codec download.
Symantec's Deepak Patil claimed that further investigation revealed that blogspot.com has been abused by attackers with multiple, similarly styled posts. The immediate and interesting observation is that these blogs are using similar templates.
Patil said: “These blogs usually contain a link that redirects users to malicious sites using multiple redirections. This enables cybercriminals to continually change the site that finally delivers the malware.
“Interestingly enough, the malicious site to which users are being redirected is serving malware for Windows as well as for Mac OS. This is based on the user-agent string of the browser. For a Windows browser agent it delivers a Trojan intended for the Windows operating system, and for a Mac OS browser agent it delivers a Trojan for the Mac operating system.”
Symantec anti-virus products detected this threat as Trojan.Fakeavalert for Windows and as OSX.RSPlug.A for Mac OS. It warned users to be aware of these social engineering techniques and to use caution when visiting any such sites.
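From a defender's side, the pattern described above (a blog on a reputable platform, several redirections, then a platform-specific download) can be looked for in web proxy logs. The following is an added example, not code from Symantec or the article: the record layout, the `.example` hostnames, the client addresses and the `min_hosts` threshold are all constructed assumptions.

```python
from urllib.parse import urlparse

BLOG_PLATFORMS = ("blogspot.com", "blog-host.example")  # first is from the article, second is constructed
PAYLOAD_EXT = (".exe", ".dmg")                          # Windows and Mac OS installers

def rec(client, url, status=200, location=None, referer=None):
    return {"client": client, "url": url, "status": status, "location": location, "referer": referer}

def constructed_chain(client, payload):
    """Constructed sample traffic: aggregator link -> blog -> two redirects -> payload."""
    agg, blog = "http://aggregator.example/story/1", "http://movie-sample.blog-host.example/post.html"
    hop1, hop2 = "http://hop1.example/go", "http://hop2.example/r"
    final = "http://codec-site.example/" + payload
    return [rec(client, agg), rec(client, blog, referer=agg),
            rec(client, hop1, 302, location=hop2, referer=blog),
            rec(client, hop2, 302, location=final, referer=blog),
            rec(client, final, referer=blog)]

SAMPLE = (constructed_chain("10.0.0.5", "codec_setup.exe")        # client with a Windows user agent
          + constructed_chain("10.0.0.9", "codec_setup.dmg")      # client with a Mac OS user agent
          + [rec("10.0.0.7", "http://vendor.example/tool.exe")])  # direct download, no blog involved

def host(url):
    return (urlparse(url).hostname or "").lower()

def on_blog_platform(h):
    return any(h == p or h.endswith("." + p) for p in BLOG_PLATFORMS)

def predecessor(cur, records, seen):
    same = [r for r in records if r["client"] == cur["client"] and r["url"] not in seen]
    by_redirect = [r for r in same if r["location"] == cur["url"]]  # 3xx Location header
    by_click = [r for r in same if r["url"] == cur["referer"]]      # user click (Referer header)
    return (by_redirect or by_click or [None])[0]

def trace_back(payload_rec, records):
    """Rebuild the request chain that led to a download, oldest request first."""
    chain, seen = [payload_rec], {payload_rec["url"]}
    while (prev := predecessor(chain[0], records, seen)) is not None:
        chain.insert(0, prev)
        seen.add(prev["url"])
    return chain

def suspicious_downloads(records, min_hosts=3):
    """Flag installer downloads reached via a blog platform and at least min_hosts distinct hosts."""
    hits = []
    for r in records:
        if r["status"] != 200 or not urlparse(r["url"]).path.lower().endswith(PAYLOAD_EXT):
            continue
        hosts = [host(x["url"]) for x in trace_back(r, records)]
        if any(map(on_blog_platform, hosts[:-1])) and len(set(hosts)) >= min_hosts:
            hits.append((r["client"], r["url"], hosts))
    return hits
```

Calling `suspicious_downloads(SAMPLE)` flags the `.exe` and `.dmg` downloads that arrived through the blog and ignores the direct vendor download. Because the final delivery site changes often, the flagged host lists are more useful for triage than a blocklist of any single hostname.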