« FBI issues code cracking challenge | Main | MD5 considered harmful today: Creating a rogue CA certificate »

Scammers Use Microsoft and IRS Open Redirects To Deploy Malware

"There is a new technique for luring unsuspecting users into installing viruses on their systems. Criminals will use a combination of Search Engine Optimization (SEO) techniques and common redirects that can be found on Microsoft.com and the IRS.gov websites. Here is how it works.

When users are on the IRS website and click on an external link a redirect link warning alerts the user that they are leaving the IRS website. It is a friendly way to let you know that you are leaving their domain.

The redirects have a URL. Gary Warner uses this example on his blog: http://www.microsoft.com/ie/ie40/download/?//00119922.com/in.php?&n=837&t=download+fruityloops+6+free. That is a virtual page that Micrsoft didn't create but was generated by the criminal. Microsoft has removed the link already but it may have redirected you to scammer.

The next step is to create the page that the redirect would go to. The page will automatically attempt to load a virus on your system.

The final step is to use inbound links to insure that that URL pops up high in the search engines. The criminal will write articles on various blog sites with links pointing to the bogus generated redirect URL. Since the domain is a major government agency or company (like Microsoft or the IRS), Google will pick the URL up as having good page rank and include the link high up in their search results."

You'll have to scroll down a bit to get to the useful bits.

Read more: http://www.bestsyndication.com/?q=20081227_virus_software.htm


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!