Britney, Paris used as hook in new spam botnet

By

Emails embedded with fake Britney Spears and Paris Hilton Google search links are part of a new spam botnet that leads users to malware hosted by the notorious Russian Business Network (RBN).


Instead of embedding a typical URL link, security vendor BitDefender today said the e-mails use Google search result links such as 'www.google.com/pagead/iclk? sa=l&ai=trailhead&num=69803&adurl=http://.......com,' in an attempt to evade url-based spam filters.

The spam botnet directs users to a site offering explicit videos of celebrities including ‘New naked Britney video’ and ‘Paris Hilton New Video Auditioning Topless’ which hosts malware.

Once downloaded and executed, the malicious downloader, dubbed Trojan.Downloader.Exchange.A, downloads and executes more malware.

According to BitDefender’s Defence Center blog when users inspect the link, they will see a link to Google, however Google in turn redirects to the site specified as parameter in the URL.

“It seems that Google uses these types of URL's to redirect users who click on advertisement served up by Google's AdSense program, however insufficient parameter validation means that malware authors can modify the URL and use it to redirect users to arbitrary sites,” according to the blog.

According to BitDefender, the malware host, RBN has a reputation as a safe haven of spammers and malware authors worldwide.

"BitDefender has detected an increased overlap between spammers and malware authors, a veritable vicious circle where spam is used to spread malware which in turn spreads more spam,” said BitDefender Head of AntiVirus Research, Sorin Dudea. “Fighting one is fighting the other too."

Dubbed celebrity spam, over the past year many celebrities including Britney Spears and Paris Hilton's names have been used in the technique that aims to dupe users into clicking on malicious links.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
britney spearsinternet securitysecurity

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?