Vanessa Hudgens: not very good in Sucker Punch, but wonderful for spreading rogue AV and other nonsense on a number of cut and paste blogs.
Many of these blogs appear to be hosted on Typepad, usually taking the form of “celebrity name,random numbers(dot)typepad(dot)com”. Typically, the end user will stumble upon these sites by searching for things like “Vanessa Hudgens scandal site” then wandering into a collection of redirects, porn adverts and rogue AV installers.
For example, vanessahudgens507(dot)typepad(dot)com.
Click to Enlarge
Hitting the links provided will bounce the user through a chain of websites until they arrive at a rogue AV scan located at hardscanerjupm(dot)cz(dot)cc.
Click to Enlarge
Depending on geographical location, the user may instead end up on a “My eyes, the goggles do nothing” style porno site which I’m sure will look very fetching in their browser history.
Elsewhere, we have various downloads up for grabs that you’re probably better off not grabbing. For example, becjjruhvx(dot)typepad(dot)com/blog.
Downloading a crack from some random website? Yeah, that’s going to end well.
Or not.
VirusTotal currently pegs that one at 10/41, and we catch it as virtool.win32.obfuscator.da!e (v). If you’re wondering, it’s a Trojan that typically installs DNS Changer and other junk depending on how badly the attacker wants to mess up your PC.
Here’s another one, found at latrinal(dot)typepad(dot)com:
Click to Enlarge
You really don’t want any of this on your computer. Treat blogs with celebrity name / random number mashups in the URL with suspicion, and steer clear of keygen / cracks while you’re at it.
You knew that already though, right?
Christopher Boyd (thanks to Adam Thomas and Patrick Jordan for finding the above)