More than half a million Digg comments contain malicious links

Feb 13, 2009 12:16 GMT

Security researchers are warning that the popular social bookmarking service Digg is being abused by malware distributors, who create fake news stories and promote them, or post malicious comments on legitimate entries. Most of them lead to malware masquerading as a video codec.

Panda Security analysts say this technique is similar to that of the popular Internet meme known as Rickrolling, which involves posting serious comments that appear to relate to the content, but actually point to the music video of Rick Astley's 1987 song "Never Gonna Give You Up."

Digg joins a long list of popular online services abused by cyber criminals. We previously reported on services such as Google Video, Google Calendar, Google Code, Picasa Web Albums, LinkedIn, Twitter, and Facebook being used to distribute malware through various techniques.

Attackers favor them because they have a lot of daily visitors, which means a larger pool of potential victims, and also a high PageRank in the search engines. As a result, fake content posted on these services is likely to be returned at the top of search results. These tactics are collectively known as blackhat SEO (search engine optimization).

"Over the past few months we have noticed attacker efforts to maximize blackhat SEO tactics and increase infection rates at the same time," Sean-Paul Correll, a threat surveillance specialist at Panda Security, warns. Regarding the bogus Digg comments, the analyst says that the attackers are likely to be using automated tools to formulate them, which is reflected in the inconsistencies in some of the allegedly related content being generated.

Independent security consultant and active security blogger Dancho Danchev has been keeping track of the fake comment activity on Digg for the past year. He has counted over 500,000 malicious comments pointing to fake video codec-serving websites, most of them adult in nature. He has even broken them down by the number of comments per malicious domain. According to the researcher, 22 of the domains are still active today.

The malware being offered to unsuspecting users as a codec required to view an online video is actually a dropper for adware promoting scareware. Scareware consists of rogue security programs advertised through scare tactics. The user receives fake security alerts that instruct them to install such a program in order to clean their computers. Once installed, the software proceeds to display a fake scanning process at the end of which it lists various security threats that are obviously not real. In order to clean them, the program asks for a license to be purchased.

Panda identifies a new version of MS Antispyware 2009 as one of the rogue programs being pushed through the malicious comments. Digg users are advised to exercise extra caution before trusting links found in comments.