I uncovered a very large number of sites that are pushing malware using a smart disguise.
Webcams sometime ask the user to install a program in order to view them. This is exactly what the creators of those malicious pages are banking on. Except that users will install a Trojan on their computers instead.
Some of the pages I found infect you directly with an exploit while others prompt you to run a Java applet:
The back-end code found on the pages is very similar to this:
I did Google searches to find the infected links – which was kind of time consuming – and here are the ones I found so far:
All in all, you will eventually notice that most pages reuse the same template. They only need to update the link to the payload.
While this Java applet infection is not new (I remember documenting the “AMLMAFOIEA” Java applet), the use of the Webcam along with tempting pictures seems like a good combo to attract many unsuspecting users.
Leave a reply