The Latest in IT Security

Vkontakte plagued by the same security issues as its cousin, Facebook


The day of a security researcher usually starts looking for a lead worth investigating. This one is kind of lame – really – but one has to satisfy their curiosity.

A malicious URL is spreading on Vkontakte (and other social sites), luring people into downloading a so-called picture:

Infected users are posting the URL onto their friends walls. The example below show’s a doctor’s page (I believe this is a total coincidence, although it is well fitted) and his wall, with the offending URL:

The URL seems to change slightly from time to time but inevitably leads to the same place:

This is a redirection that works like this:

The final link is an executable: xn--80aaqrraooq.xn--p1ai/x78aa901_d9ff_640x480.exe

VirusTotal detection (8/43).

When running this file, you will see a picture of a group of teens having a celebration meal:

But that’s not all, of course. The Windows Hosts file is modified in order to redirect traffic going to vkontakte to a third-party instead ( This enables criminals to harvest credentials and spread the links from account to account.

Vkontakte is displaying a security warning when accessing external links:

It’s a reminder that even saucy looking URLs can be dangerous to click on, especially when considering that the human factor always wins…

Jerome Segura

Leave a reply





Latest Comments

Social Networks