Update: Looks like we’re all clear — malicious links have been removed.
A month ago, we blogged about FakeRean (a very nasty malware/rogue antivirus) being served by PHP spam off of Sourceforge.net. We figured something would happen.
Well, nothing happened.
We’re still seeing hardcore and lolita porn spam on Sourceforge. It’s all PHP hacks, which points to sloppy moderation and site stewardship; worse, this is not just junk spam like “buy Russian handbags”, but rather, redirects to sites that often serve malware.
Case in point is this spam promising lolita porn.
In this case, clicking “Yes I am 18+” (which a majority of under 18’s do anyway), you get redirected to one of a variety of porn sites, often serving malware. (In fact, it doesn’t really matter if you click “No” or “Yes”, you still get redirected.)
Using basic reputation hijacking, a Google search redirect is used:
hxxp://www.google.com/url?sa=D&q=http:// seoholding. com/12/commonground&usg=AFQjCNGnwpgXRDmIHULLMas4fJSt0f3FSg
And this all lands one at a variety of sites, of which we show a few (we’ve turned off images in the browswer as it’s all a bit ghastly).
These sites will either push a download of the “movie” or ask to “update your flash player”. In any event, it’s malware.
Detection rates are fairly poor: Fake MPEG, Fake Flash Player.
Another reason why doing some basic google searches on your own site can really help clean things up for the Internet at large.
Alex Eckelberry