How Spamdexing works

As you can see in the below image below a seemly harmless “.edu” link from a Google search, can result in the user being redirected to a unwanted website that attempts to install a Trojan Codec.

The “.edu” link automatically redirects to “xxxvideossite(dot)com” site. (displayed in red = already blocked in the HOSTS file) Which automatically redirects via the “count.js” file to “givemepornvids(dot)com” which redirects to pornmoviesindex(dot)com. Once that page opens the viewer is presented with “get full-length high-quality movies absolutely for free!”, however clicking any of the images redirects to the below image.

Yes you guessed it … another Trojan.Codec infection. There are quite a few of these type sites linking to this newest Trojan.Codec site, which I’m adding to the HOSTS file for the next update (in a few days)

Comments are closed.