Saturday, 21 April 2012

Hmm: Amber Warning - Watchout Watchout There's a Russian Malware Site About

Alert status Amber: 

Well, Bloggers Blog ... and Bloggers cannot help but being interested in their community and who reads their blogs, but beware. The URL's of the referring sites (Definition: A site that lists your blog and recommends by implication other people click on your link to see your content - hence the term 'referral') is given in the Blogger: "Traffic Sources" statistics section. They show up in your site statistics as in not who is visiting you but what "common" web-sites also likes you.

I have a "new" certain Eastern European referrer called:  

"http://www4(dot)savegco-antivir(dot)com"







(Note:The (dot) in the above is so that your browse does not inadvertently "take you there" (officer) - repeat do not go there)

It's a naughty site that tries to tempt you by pretending to be a "You-Tube" style of video site with alluring ladies showing more than the typical You-Tube yard of flesh and then immediately asks you (while you are distracted) to upload a "new" version of Adobe Flash [hit the browser close "x" button top right hand corner gents!] - if you don't a piece of "malware" is heading for you

:(

Then give yourself an anti-virus sweep just to be sure

A better description of what is happening can be found at: 
http://stramaxon.blogspot.co.nz/2012/04/beware-of-ww4dotsavegcoantivirdotcom.html

And the $64,000 question: Are users of these sites really interested in my wargaming site? Answer "no": It is a 'black' server reading of a list of URL's trying to generate back traffic to steal identity information. In effect this is a modified version of a "phish" attack - as in "click me" you'll be rich. Why doesn't Google block it, well from the techie side of things the traffic profile is the same as legitimate referrals, it is only over time can Google detect odd things in traffic patterns - which is a little "after the horse has bolted".

Hope this may serve to be of help to someone

1 comment:

Phil Broeders said...

Thanks for the warning - I'll look out for it.

Phil