The Latest in IT Security

Vkontakte plagued by the same security issues as its cousin, Facebook


The day of a security researcher usually starts looking for a lead worth investigating. This one is kind of lame – really – but one has to satisfy their curiosity.

A malicious URL is spreading on Vkontakte (and other social sites), luring people into downloading a so-called picture:

Infected users are posting the URL onto their friends walls. The example below show’s a doctor’s page (I believe this is a total coincidence, although it is well fitted) and his wall, with the offending URL:

The URL seems to change slightly from time to time but inevitably leads to the same place:

This is a redirection that works like this:

The final link is an executable: xn--80aaqrraooq.xn--p1ai/x78aa901_d9ff_640x480.exe

VirusTotal detection (8/43).

When running this file, you will see a picture of a group of teens having a celebration meal:

But that’s not all, of course. The Windows Hosts file is modified in order to redirect traffic going to vkontakte to a third-party instead ( This enables criminals to harvest credentials and spread the links from account to account.

Vkontakte is displaying a security warning when accessing external links:

It’s a reminder that even saucy looking URLs can be dangerous to click on, especially when considering that the human factor always wins…

Jerome Segura

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments