Digg This: Malware Makers Target Social Media
It seems unlikely a Digg.com user (generally thought of as young and tech savvy) would be fooled by comment spam promising video of “Heath Ledger naked in the shower, playing with herself.” They might though, take the bait for a simpler, error-free “Megan Fox naked NEW SEX TAPE.”
That spammers/cybercrooks entice users with promises of nude and lewd celebrity footage isn’t news. That they appear to be using comment scripts on Digg and maybe even hijacking Digg accounts is news.
PandaLabs reports the discovery of these types of postings, many or all of them leading to VideoPlay adware. Once a user takes the bait, they are told they need to download a codec. The code is a ruse, though, and triggers a barrage of security popups recommending the user purchase a download of security software to remove what appear to be several strains of malware.
“The profiles used have probably been stolen from their owners, by stealing account passwords. This is another example of how cyber-crooks are using trusted Web 2.0 services to distribute malware”, explains Luis Corrons, Technical Director of PandaLabs.
Other examples of comment bait have included “Christian Bale freak out dubbed with video!” and “Jessica Simpson Hotel Sex Tape.”