.gov Domains Divert Users to Adult Websites Pushing Adware
Written by Administrator   
Thursday, 29 July 2010 11:00

According to a warning from security researchers, the DNS (Domain Name Server) of several .gov domains has been compromised and made to host web pages that divert visitors to adult websites. The compromise appears to have been carried out to distribute an adware program named FLVDirect.


An antivirus software firm 'VIPRE' detected this adware as Win32.FLVDirectPlayer.

It has also been found that the adware produces a file which loads the FlvDirect Media Player program. Normally, this program comes packed with one more adware identified as Adware:Win32/LoudMo. There is an ID in these installers that can be checked. If an associate firm deploys a large number of installers, it is paid more money for doing the job.

The sub-domains seem to be hosted on a server at the Internet Protocol (IP) address 66.49.238.80. This IP address is owned by Canaca-com Inc, a company that sells VPS and web-hosting services.

The Win32/FlvDirect adware is obtainable from the FlvDirect Media Player Internet site and it's also possible to camouflage it as other applications.

Moreover, once the program is executed, it may display a splash screen. There may also be an icon, and the installer shows a message stating that, alongside FLV Direct, the user agrees to load 'LoudMo Contextual Ad Assistant.' This second program reportedly takes the guise of a code producer.

The researchers state that a partner of FLV Direct seems to have compromised a DNS as well as appropriated the Kansas state government website's name for diverting users to the FLVDirect site, as reported by Sunbelt BLOG on July 14, 2010.

Apart from the Kansas state government website, several others have been appropriated as well. These are: tubes-0611.uppersiouxcommunity-nsn.gov/1244.html, tubes-1111.yanceycountync.gov/1136.html, tubes-1011.dumontnj.gov/898.html and tubes-0511.woodfin-nc.gov/163.html.

Besides, the cyber criminals have set up sub-domains following the pattern tubes-####, where # represents a numerical digit, on each and every hacked domain.
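For administrators who want to check their own DNS or proxy logs for the pattern described above, the following is an added example and not code from the researchers or from this site. It flags hostnames whose leftmost label is tubes-#### under .gov and records that resolve to the reported IP address; the two-column "query answer" log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators taken from the article; everything else here is constructed.
HOSTING_IP = "66.49.238.80"
TUBES_LABEL = re.compile(r"tubes-\d{4}")  # "tubes-" followed by exactly four digits

def host_of(value):
    """Accept a bare hostname or a URL and return the lowercase hostname."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value  # lets urlsplit treat a bare name as a network location
    return (urlsplit(value).hostname or "").rstrip(".").lower()

def classify(query, answer=""):
    """Return the reasons a record matches the reported redirect pattern."""
    reasons = []
    labels = host_of(query).split(".")
    if len(labels) >= 3 and labels[-1] == "gov" and TUBES_LABEL.fullmatch(labels[0]):
        reasons.append("tubes-#### sub-domain on a .gov domain")
    if answer.strip() == HOSTING_IP:
        reasons.append("resolves to the reported hosting IP")
    return reasons

# Constructed sample log, one "query answer" pair per line (assumed format).
SAMPLE_LOG = """\
www.example.gov 192.0.2.10
tubes-0611.uppersiouxcommunity-nsn.gov 66.49.238.80
http://tubes-1011.dumontnj.gov/898.html 66.49.238.80
tubes-12345.example.gov 192.0.2.11
tubes-0001.example.com 198.51.100.7
mail.example.org 66.49.238.80
"""

def scan(log_text):
    """Return (hostname, reasons) for every log line that matches an indicator."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if not parts:
            continue
        reasons = classify(parts[0], parts[1] if len(parts) > 1 else "")
        if reasons:
            hits.append((host_of(parts[0]), reasons))
    return hits

if __name__ == "__main__":
    for host, reasons in scan(SAMPLE_LOG):
        print(host, "->", "; ".join(reasons))
```

A hit on the IP address alone, without the tubes-#### label, only shows that a name points at the same hosting server and needs a manual look before it is treated as part of the same activity.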

It further seems that the .gov site names have been appropriated to divert users to the XXXBlackBook.com adult dating website, state the researchers.

Hence, it is advisable that users always keep their security software up-to-date to ensure self-protection from PC worms, viruses and other malicious programs.

