After seeing a post at several forums by someone linking to a download I took a look.
http://freeofvirus.blogspot.com/
Which went to this page rotating ads.
WOT warns about aussiez.com
Run
Yes
Actually the computer wasn’t infected but anyway…
I wrote this article yesterday but didn’t publish thinking I’d take another look today which I did. The link now leads to softpedia for a 58 KB download.
If you the user needs manual help to remove an infection please see the short list in the right side column under “Security Forums”, or the member sites listed at the Alliance of Security Analysis Professionals (ASAP)
I saw this article over at NetWorkWorld dated 01/31/08. Google blog used to spread malware
A Google-hosted blog is running phony security content that’s linked to malware, as well as using Google’s automated notification service to try to entice subscribers to click on an infected link, says one security expert.
“This is the first time we’ve seen something like this,” Elzam says. “If you get a message from a Google alert, you might think this is a service you can trust. But it’s directing you to a rogue site with fake security software.
This stuff is not new, but it is getting worse. A few days ago one of my alerts for Google Blogs provided a link which opened to a graphic pOrn page complete with videos, ‘click this to play’. Shortcut to infection via codecs, don’t ever click that junk.
I was watching for blogs containing the word of an outfit not usually associated with pOrn.
Fellow MVP TeMerc has been tracking Malware dispensing Google Blogs for some time:
More Blogspot Malware
Google Blogger Blogs Carry WinAntiVirus Ads
Storm is evolving into a very complex beast.
From rbnexploit.blogspot
Obviously the Russian Business Network (RBN) is working overtime during the Christmas and New Year holiday, no doubt planning for many in the ISP security and anti-spam arena to be on skeleton staff.
There are some interesting elements concerning which make this attack innovative:
# Although much of that detected is conventional spam, however there is also a large amount of spam which is getting through many anti-spam defenses due to the use of “fake†BlogSpot (Blogger) links
# Although most have identified as the Zhelatin Storm email worm or variant, it is also as the more recent fake codec downloads, dependent upon where the unfortunate user has come from. This now shows a “polymorphic†format, i.e. the virus or exploit has the ability to alter its signature in an attempt to combat anti-virus tools.
RBN – New and Improved Storm Botnet for 2008
Source: Harry Waldron
Intertwined. Malware on Google Blogspot
Users are getting infected every day with no interaction required.
Unlike some of these Zlob\Codec sites where users are duped into
downloading something. Or the current run of Storm variants being
pushed via Blogspot for that matter.
If you have the misfortune to be infected, I suggest you seek help at one of the sites listed in the right side column under “Security Forums”.
