Symantec has issued an alert about online movie blogs that may redirect users to malicious website with malware and infecting their PCs, as well as Macs. Read on to find out how you can protect yourself from this.
Internet-savvy users looking for free movies to watch online may unwittingly fall prey to attackers’ latest ruse — using new movie releases to distribute malware — and both Windows and Mac users are equally at risk. Symantec Security Response has observed that this current trick is to host a blog on a reputable website, which in actual fact redirects you to a malicious website hosting malware.
The movie “Obsessed” was released in April 2009 and in order to watch it online for free, users might use keywords such as movie, free, video, online, watch, etc. along with the movie’s name, to search for it. So, a search phrase such as “obsessed movie online free full video” would yield results similar to the following:
If a user clicks on one of the links listed within the first search result, it redirects to a blog hosted on blogspot.com:
Once the user clicks on an image that appears to be a video player window, it redirects to a codec download. Unfortunately this turns out to be a fake codec. More investigation revealed that blogspot.com has been abused by attackers with multiple, similarly styled posts, indicating that these blogs are using similar templates.
For example, the image below shows the blog that was posted for the movie “InkHeart”. This blog used a template similar to the one used in the previous sample and it also redirects users to a website that is hosting malware. These blogs usually redirect users to malicious sites using multiple redirections, enabling cybercriminals to continually change the site that finally delivers the malware.
The table below shows attackers are closely pursuing new movie releases in order to spread malware:
Interestingly enough, the malicious site to which users are being redirected is serving malware for Windows as well as for Mac operating system. For a Windows browser agent it delivers a Trojan intended for the Windows operating system, and for a Mac browser agent it delivers a Trojan for the Mac operating system.
The above image shows the same URL delivering a Win32 Executable for IE8, as well as a .dmg file for Safari4 when the user agent for the Mac operating system is used.
Symantec antivirus products detect this threat as Trojan.Fakeavalert for Windows and as OSX.RSPlug.A for Mac. Symantec customers are protected from this attack with the latest antivirus definitions.
Symantec recommends that users protect themselves from such malware by following best practices:
• Ensure you are adequately protected – arm yourself with strong and updated security software to prevent viruses from attacking your PC. Norton 360 provides all-in-one protection against viruses, worms, hackers and botnets, safeguards against online identity theft and protects important files.
• Always download applications, files, programmes, software updates or codecs from their official sites or from reputable, trustworthy sources.
• Watch out for social engineering tricks. These often trick or tempt individuals to enable malicious code attacks. Exercise caution when visiting any such “free online movies” sites.
Ultimately, your best defence is scepticism and common sense. If something seems wrong or peculiar, it probably is.