The Latest in IT Security

Joulupata action

14
Dec
2012

It’s Christmas time! Time for charity!

In Finland, the most popular Christmas charity is run by the local salvation army. Their campaign is called Joulupata. And as you might expect, they have a website at www.joulupata.fi.

Earlier today, if you googled for ‘joulupata’, the first search result looked unusual:

joulupata

Looks dangerous. So let’s visit the site with wget and set the http referer to www.google.com so the site believes we arrived via Google.

joulupata

/tds/in.cgi – this sounds like the Sutra TDS (Traffic Distribution System). This kit is often used to distribute malware and spam via hacked websites. In this case, there was no malware, just a redirect to a website called Replicavips.

If you would have visited the site without having google.com as the referer, you would just end up on the unmodified joulupata.fi frontpage.

And what’s on Replicavips? It’s a site where you can purchase counterfeit watches. Don’t go there.

joulupata

The TDS site has been blacklisted by F-Secure and relevant parties have been notified. Be careful out there.

Thanks to tpaavola for the tip.

Leave a reply


Categories

TUESDAY, OCTOBER 23, 2018
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks