FeedBurner.com Page Set Up to Serve JavaScript Trojan

Cybercriminals are abusing the Google feed management service

Researchers warn that cybercriminals are abusing FeedBurner, the web feed management service owned by Google, in an effort to distribute malware.

Zscaler experts say that the malicious code is on feeds.feedburner.com/bileblog. A piece of obfuscated JavaScript code (JavaScript Trojan) contains an iFrame that redirects visitors to a website.

From this site, users are automatically directed to another domain called fukbb.com. This site doesn’t appear to be serving anything malicious, but URL scanning tools are flagging it as being suspicious.

Experts believe that most of the attacks relying on malicious JavaScript injected into compromised websites are part of larger campaigns that involve browser exploit kits capable of automating the infection of a large number of sites.

At the time of writing, the security solution installed on my computer blocks feeds.feedburner.com/bileblog. The malicious element is apparently still present.

Additional technical details are available on Zscaler’s blog.

Hot right now  ·  Latest news