FeedBurner.com Page Set Up to Serve JavaScript Trojan

Cybercriminals are abusing the Google feed management service

By on December 27th, 2013 21:56 GMT

Researchers warn that cybercriminals are abusing FeedBurner, the web feed management service owned by Google, in an effort to distribute malware.

Zscaler experts say that the malicious code is on feeds.feedburner.com/bileblog. A piece of obfuscated JavaScript code (JavaScript Trojan) contains an iFrame that redirects visitors to a website.

From this site, users are automatically directed to another domain called fukbb.com. This site doesn’t appear to be serving anything malicious, but URL scanning tools are flagging it as being suspicious.

Experts believe that most of the attacks relying on malicious JavaScript injected into compromised websites are part of larger campaigns that involve browser exploit kits capable of automating the infection of a large number of sites.

At the time of writing, the security solution installed on my computer blocks feeds.feedburner.com/bileblog. The malicious element is apparently still present.

Additional technical details are available on Zscaler’s blog.
Suspicious website
   Suspicious website
MORE ON THIS TOPIC
LATEST NEWS
HOT RIGHT NOW

Comments