14 DAY TRIAL // Security researchers from GFI Labs warn that scareware distributors are abusing SourceForge to host malicious pages that direct visitors to PDF exploits.
The campaign is the work of people behind the FakeRean family of malicious applications that pose as fake security products and trick users to buy useless licenses.
"This family also alters the infected system's registry quite extensively and drops lots of component and shortcut files, among other things.
"What sets FakeRean apart from the usual rogues is its ability to hijack a file association for executable (.EXE) files, which allows it to reappear every time an application is run," the GFI security researchers explain.
FakeRean pushers are abusing the customizable SourceForge user pages feature to distribute their scareware. The rogue pages are designed to look as adult sites and ask visitors to confirm that they are at least 18 years old by clicking a button.
Doing so takes visitors to a site that attempts to exploit a vulnerability in older versions of Adobe Reader. If the attack is successful, a FakeRean variant is silently installed on the computer.
The fake SourceForge project pages are filled with keywords corresponding to adult content. The domains's good standing on Google help's push them up in search results.
In addition to SourceForge, the gang behind this campaign is also abusing other public services, such as Twitter, Flickr, Yahoo!, Scribd, TED, Formspring, Posterous or Box.net.
"We advise Internet users to be careful when clicking image and text links online. Be extra careful, if not steer clear all together, when visiting online profiles hosted on any site that look suspicious," the GFI researchers write.
Keeping your programs up to date is critically important because drive-by download attacks are one of the primary malware infection vectors. Updates for programs that are accessible from the web, like Adobe Reader, Flash Player, Java, the browsers and the operating systems themselves, should be a priority.