Spamdexing and another YouTube look-alike
A little background … I have this blog set to “Approve” most content that is added via the “Comments” link. Now I usually get a few Spam entries that I simply ignore … but this one caught my eye and I thought I’d follow the link posted to see where it went …
Notice the content posted at the bottom of the above page? … it’s a quote from one of my posts the other day “Beware of YouTube look-alikes” … however clicking on any of the images just above that leads to “reportblogsite(dot)com” … even the page layout and design is the same … strange …
Image edited for display purposes.
Which looks like a typical blog type site … except if you click any of the images on the page which leads to …
Imagine that! … another YouTube look-alike with the same old bogus (Trojan.Codec/Zlob) prompt … the download “setup_axplugin.exe” from “axvideoplay(dot)com” is not very well detected [VirusTotal results]
Then just this morning I get another Spamdexing comment … waiting for Approval … same page layout and design as the others … well isn’t that special! … and you guessed it … clicking any of the innocent looking images leads to “youutubee(dot)com”. Matter of fact the images are actually being drawn from Metacafe, a safe YouTube type site …
Needless to say all these culprits will be added to the next HOSTS file update …
reportblogsite(dot)com and reachnewsworld(dot)com are both hosted at Intercage [69.50.160.0 – 69.50.191.255]
axvideoplay(dot)com and axvideoplugin(dot)com are both hosted at Layered Technologies which is fast becoming a new haven for the Trojan.Codec gang … as evidenced in my last post …
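As an added example (not code from this blog or from the HOSTS file it maintains), the sketch below turns the defanged names in this post into HOSTS entries and collapses the Intercage range quoted above into CIDR form for a firewall or proxy rule, since a HOSTS file maps names only and cannot block an address range. The `127.0.0.1` sink, the extra `www.` alias and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# Defanged names exactly as the post writes them; kept defanged in the source.
DEFANGED = [
    "reportblogsite(dot)com",
    "reachnewsworld(dot)com",
    "axvideoplay(dot)com",
    "axvideoplugin(dot)com",
    "youutubee(dot)com",
]
# Address range the post gives for Intercage.
RANGE_START, RANGE_END = "69.50.160.0", "69.50.191.255"

_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def refang(name):
    """Turn 'example(dot)com' or 'example[.]com' into a validated lowercase hostname."""
    host = re.sub(r"\s*(\(dot\)|\[dot\]|\[\.\])\s*", ".", name.strip().lower())
    labels = host.rstrip(".").split(".")
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        raise ValueError(f"not a hostname: {name!r}")
    return ".".join(labels)

def hosts_entries(names, sink="127.0.0.1"):
    """HOSTS lines for each name plus a www. alias (assumed), de-duplicated in order.

    HOSTS matching is exact, so the bare name does not cover subdomains.
    """
    seen, lines = set(), []
    for name in names:
        host = refang(name)
        for candidate in (host, "www." + host):
            if candidate not in seen:
                seen.add(candidate)
                lines.append(f"{sink} {candidate}")
    return lines

def range_to_cidrs(start, end):
    """Smallest list of CIDR blocks covering an inclusive first-last range."""
    first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
    return [str(net) for net in ipaddress.summarize_address_range(first, last)]

def in_range(addr, start, end):
    """True if addr falls inside the inclusive range, e.g. to triage a resolved IP."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(c) for c in range_to_cidrs(start, end))

if __name__ == "__main__":
    print("\n".join(hosts_entries(DEFANGED)))
    print(range_to_cidrs(RANGE_START, RANGE_END))
```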
3 Comments
March 25th, 2008 at 1:07 am
You probably know about these clones of reportblogsite, but if not…
March 26th, 2008 at 6:25 pm
That’s a new one on me. I’ve seen a pattern to the way the owners of these sites generate traffic, using a complex network of redirectors that I’ve documented on my own blog at
http://tacit.livejournal.com/238112.html
but I haven’t seen the attackers generate traffic to these sites using lookalikes of blogging sites before. Very interesting.
April 7th, 2008 at 8:59 am
Great stuff, Mike – keep it up!