The Internet Storm Center blog just ran a piece about a malware vector that hasn’t been discussed enough: the Google Cache.

An ISC blog reader named Greg recounted that he was browsing for information, found a site that was down and pulled up the Google cached page to get what he wanted.

The site was down because of a malware infection and the cached page, with hidden iframes intact, sent him to a malicious site that offered a rogue security product.
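A defender-side check for the condition described above, as an added example that is not from the ISC post: it scans a saved or cached HTML copy for iframes that are hidden from the visitor and load from a different host than the page. The function names, the hiding heuristics and the sample hosts are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-style patterns that hide a frame (heuristic, an assumption of this example).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?<![-\w])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)",
    re.I,
)

class HiddenIframeFinder(HTMLParser):
    """Collects source hosts of iframes that are invisible and off-site."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src_host = (urlparse(a.get("src", "")).hostname or "").lower()
        # A 0- or 1-pixel frame is effectively invisible.
        tiny = any(a.get(d, "").strip().rstrip("px") in ("0", "1")
                   for d in ("width", "height"))
        hidden = tiny or bool(HIDDEN_STYLE.search(a.get("style", "")))
        # Relative URLs have no hostname and count as same-site.
        off_site = bool(src_host) and src_host != self.page_host
        if hidden and off_site:
            self.findings.append(src_host)

def find_hidden_iframes(html, page_host):
    finder = HiddenIframeFinder(page_host)
    finder.feed(html)
    return finder.findings

# Constructed sample: saved copy of a page on www.example.org (placeholder hosts).
SAMPLE = """
<iframe src="http://video.example.net/embed/1" width="560" height="315"></iframe>
<iframe src="/ads/local.html" width="0" height="0"></iframe>
<iframe src="http://malicious.example/in.php" width="1" height="1"></iframe>
<iframe src="http://other.example/x" style="display: none"></iframe>
"""

if __name__ == "__main__":
    print(find_hidden_iframes(SAMPLE, "www.example.org"))
```

The visible off-site embed and the hidden same-site frame are not reported; only frames that are both hidden and off-site are.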

ISC blogger Daniel Wesemann wrote: “The badware is currently delivered through the domain todolust-dot-com. The EXE changes about twice per hour, and has very low AV coverage (Virustotal). Microsoft and Sunbelt are currently the only two AV tools on Virustotal that do not seem to be perturbed by the rapid morphing of the EXE, and keep catching it reliably.”

Dancho Danchev wrote about the cached-malware vector two years ago.

Tom Kelchner