This campaign was spotted by Ryan G., security operations tech, on 12/8/09 at 9:59 pm.
Ryan noted that the campaign:
- Randomly obfuscated javascript redirects Tricks user to downloading ‘video codec’ (actually a virus) to view pornography. The campaign is coming from a large distribution of IPs (budding botnet)
- All hosted off of blogspot accounts, and it seems to bypass their spam filters
- Doesn’t seem to be coming in all that fast, which is likely to reduce detection rates
A sample included the following Body Text:
<BODY>
<a href=3D”http://aduevamargalaj.blogspot.com“>Daily Updated Collection Of =
Free XXX Streaming Movies Blowjob, Masturbation, Brunette, MILF, Group, Vin=
tage And Many Other XXX Clips</a>
A curvy woman posing on the couch, Blonde MILF action movies, Classic actio=
n movies, A cheating housewife doing a man she met online, Two girlfriends =
posing and teasing in public, A big butt amateur poser, Party girls in acti=
on, Girls next door in teasing and action pics
