zvelo first detected a compromise on the Fox Sports website two weeks ago and as of today, at least one Fox Sports host continues to contain automatic links to a multitude of dangerous exploits. Even with media coverage and direct emails, this compromised host has not been taken offline or cleaned. The threats being hosted have rotated with the most recent threats being remote script links to ackworld.com and nt002.cn.
A fresh twitter phishing campaign is underway and using both tweets and direct messages to spread. The messages contain text such as “hah, I think I seen u on here” and “wow you look different on here” together with a link to a video.
Quick update on this web threat: as of today, 10/7/09, the Fox Sports website is still compromised. The specific URL, hxxp://msndr.foxsports.com/, has been cleaned, but any added nonsensical path results in a 404 page with the malicious iframe to thingre.com.
The Fox Sports website remains infected and a risk to the 11m+ unique visitors (as reported by Compete). This website is ranked as the 135th in the United States and 523rd most popular in the World according to Alexa remains compromised and a major security risk to end-users.
zveloLABS™ detected malicious code on the foxsports.com website late yesterday. Hackers have once again increased their tally of well known websites recently exploited to serve dangerous content.
Since tropical storm Ondoy hit the Philippine Capital on Saturday, attackers have wasted no time planting malicious pages claiming to host videos of the historic disaster. The city of Manila saw flooding on a level that hasn’t been seen in decades and the pictures are jaw dropping.
zveloLABS™ has been tracking compromised sites that host PageRank Bombs since 2008. The attacker hacks a site, but instead of putting exploits on the hacked site, they put links to other websites in order to boost the search result ranking on various search engines. Initially this was being used for ad sites, porn sites, and pharma fraud sites. Now, however, it is being used to boost the results of malicious sites, but with a new twist that targets Google users.
zveloLABS™ has found thousands of URLs and over 200 new domains registered to a group of Chinese scammers. The new sites are the same as the old, but with new branding and promotional products, such as “Acai Power Slim” “Pure Magnum Pro” and “Colo Cleanse Plus”. This scam is perpetrated by sending spam messages advertising a “free trial” of the products. In the end, the criminals have made off with personal information, a credit card number and a recurring monthly charge.
zvelo is researching a widespread and dangerous ring of fraudulent “OEM Software” distribution sites. These sites offer popular software from Microsoft, Adobe, and many other vendors at a greatly reduced price. Not only do they not deliver installable software, they collect sensitive information from individuals, including credit card numbers.
zveloLABS™ has been tracking a rapidly growing pattern in website exploits over the last 24 hours. Since Thursday, Aug 20 zvelo has seen over 6,000 compromised URLs with a similar pattern.