Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: InfoSec Handlers Diary Blog - A little discussion on blog-hosted malware InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

A little discussion on blog-hosted malware

Published: 2007-12-30
Last Updated: 2007-12-31 23:56:08 UTC
by Toby Kohlenberg (Version: 1)
0 comment(s)

Tom Mercado over at TeMerc has posted some discussion around the increasing amount of malware showing up on Blogspot:

He has a couple of good links to further analysis and details that make it a good read.


We've had an e-mail in today from Ian who highlighted a potential AV false positive which we are still looking at. However, it was interesting to note that this issue manifested itself into blogspot hosted malware.

(Warning Will Robinson, Malware Ahead)


which reports to host a video downloaded from hxxp://

which tries to download hxxp:// which tries to download a binary, which has very poor VT pickup:

File install_video_3913230.exe received on 12.31.2007 13:13:31 (CET)
Current status:  finished
Result: 8/32 (25%)

 So, watch those wiered blogspots! This is just an example of how quickly the AV issue with CA Antivirus was used as a method to trick people into installing malware.

0 comment(s)
Diary Archives