Softpedia
 


July 16th, 2010, 12:20 GMT · By

Government Domains Point to Adult Content



FLVDirect affiliates abuse .gov domains to push adware
Security researchers warn that various domains in the .gov space had their DNS hijacked and are hosting pages that redirect users to adult websites. The hijacking seems to be part of a scheme to push FLVDirect adware.

Apparently, FLVDirect affiliates are abusing several government domains, including, but not limited to, yanceycountync.gov, uppersiouxcommunity-nsn.gov, woodfin-nc.gov, dumontnj.gov and emporia-kansas.gov, to trick users into downloading and installing adware on their computers. The attackers have managed to create sub-domains of the form tubes-####.* (where # is a single digit) on all of the affected domains.

“It looks like their DNS has been hijacked and those sub domains point to servers that are not under their control,” researchers from Sunbelt Software, who analyzed the attack, write. Pages hosted on the rogue sub-domains are riddled with keywords and are being used in a black hat search engine optimization (BHSEO) campaign to poison search results for queries related to adult content. Such techniques are commonly employed by cyber crooks to infect unsuspecting users looking for information on current events with scareware.

Visiting any of the pages hosted on the rogue sub-domains redirects users to either an FLVDirect affiliate site promising hundreds of hours of adult videos for free or an adult dating community. FLVDirect is a well-known piece of adware – an application designed to display unsolicited ads once installed on a computer.

“Adware:Win32/FlvDirect is the detection for a file that installs the program 'FlvDirect Media Player'. This program is usually bundled with another adware program detected as Adware:Win32/LoudMo. These installers contain an ID, which can be monitored; the more installers are deployed, the more an affiliate company is paid for deploying the installer,” Microsoft explains.

All the sub-domains appear to be hosted on a server responding to 66.49.238.80. This IP address belongs to a company called Canaca-com Inc, which sells Web hosting and VPS hosting services.
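For administrators of affected zones, the two indicators reported above (the tubes-#### label and the 66.49.238.80 address) can be checked against resolver logs or a zone export. The following is an added example, not code from the article or from Sunbelt Software; the log format, the sample lines and the EXPECTED_NETS allow-list are constructed assumptions.

```python
import ipaddress
import re

# Label pattern from the article: tubes-#### where each # is a single digit.
ROGUE_LABEL = re.compile(r"tubes-[0-9]{4}")
# IP the article reports the rogue sub-domains resolving to.
REPORTED_IP = ipaddress.ip_address("66.49.238.80")

# Assumption: networks the zone owner expects its records to resolve into.
# 192.0.2.0/24 is a documentation range standing in for the real hosting.
EXPECTED_NETS = {"dumontnj.gov": [ipaddress.ip_network("192.0.2.0/24")]}

# Constructed resolver log lines (hypothetical format): time, qname, type, answer.
SAMPLE_LOG = """\
2010-07-16T09:01:02Z www.dumontnj.gov. A 192.0.2.10
2010-07-16T09:01:05Z tubes-4821.dumontnj.gov. A 66.49.238.80
2010-07-16T09:02:11Z TUBES-0007.woodfin-nc.gov A 66.49.238.80
2010-07-16T09:03:40Z tubes-12.dumontnj.gov. A 192.0.2.11
2010-07-16T09:04:00Z mail.dumontnj.gov. A 198.51.100.7
2010-07-16T09:05:00Z malformed line
"""

def classify(line):
    """Return (qname, reasons) for a suspicious .gov A record, else None."""
    parts = line.split()
    if len(parts) != 4 or parts[2] != "A":
        return None  # skip malformed or non-A lines
    qname = parts[1].rstrip(".").lower()  # DNS names are case-insensitive
    try:
        answer = ipaddress.ip_address(parts[3])
    except ValueError:
        return None
    labels = qname.split(".")
    if len(labels) < 3 or labels[-1] != "gov":
        return None  # only sub-domains of second-level .gov zones
    zone = ".".join(labels[-2:])
    reasons = []
    if ROGUE_LABEL.fullmatch(labels[0]):
        reasons.append("label matches tubes-####")
    if answer == REPORTED_IP:
        reasons.append("resolves to reported IP")
    nets = EXPECTED_NETS.get(zone)
    if nets is not None and not any(answer in n for n in nets):
        reasons.append("answer outside expected networks")
    return (qname, reasons) if reasons else None

def scan(log_text):
    return [hit for hit in map(classify, log_text.splitlines()) if hit]
```

The allow-list check also flags records such as the constructed mail.dumontnj.gov entry that match neither published indicator, which matters if the operators rotate labels or hosting.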

You can follow the editor on Twitter @lconstantin
