Select Page

Update:  Looks like we’re all clear — malicious links have been removed.

A month ago, we blogged about FakeRean (a very nasty malware/rogue antivirus) being served by PHP spam off of Sourceforge.net. We figured something would happen.

Well, nothing happened.

We’re still seeing hardcore and lolita porn spam on Sourceforge.  It’s all PHP hacks, which points to sloppy moderation and site stewardship; worse, this is not just junk spam like “buy Russian handbags”, but rather, redirects to sites that often serve malware.

Case in point is this spam promising lolita porn. 

Sourceforge1931841238123

In this case, clicking “Yes I am 18+” (which a majority of under 18’s do anyway), you get redirected to one of a variety of porn sites, often serving malware.  (In fact, it doesn’t really matter if you click “No” or “Yes”, you still get redirected.) 

Using basic reputation hijacking, a Google search redirect is used:

hxxp://www.google.com/url?sa=D&q=http://  seoholding.  com/12/commonground&usg=AFQjCNGnwpgXRDmIHULLMas4fJSt0f3FSg

And this all lands one at a variety of sites, of which we show a few (we’ve turned off images in the browswer as it’s all a bit ghastly).

Sourceforge1931841238123a

Sourceforge1931841238123b

These sites will either push a download of the “movie” or ask to “update your flash player”.  In any event, it’s malware.

Sourceforge1931841238123c

Detection rates are fairly poor: Fake MPEG, Fake Flash Player

Another reason why doing some basic google searches on your own site can really help clean things up for the Internet at large. 

Alex Eckelberry