How many of you are using the Google image search for searching your favorite picture?! Beware while searching for "Shield" image. I have come across a new malware/infected page.
Today, I was searching for the "Shield Sword" in Google image search. I got the above image in the result. It is my favorite image. In fact, I've used this for creating my facebook cover image.
I have clicked the picture in order to get the full size. I was waiting for loading image, but instead, i was landed in a page that displays "Please wait page is loading". Damn, i have seen this text everyday since i started my career as Malware analyst. Yes, it is BlackHole Exploit Kit landing page.
Unfortunately, i am browsing from Host machine. I have disabled the Java plug-in but failed to update the other softwares. So , my system got infected.
Once again, i have analyzed the compromised page from my Virtual Machine. The infected page "hxxp://madebybrian.com/scripts/sword-and-shield-cartoon" that contains the following script
Guess what?! The above site is not listed in Blacklisting websites. I have report about this page to google, hope they will remove it soon.
Update 1:
The infected page now redirects o another malicious page "***.turndial.com".
Update 2:
Today, the site redirects to another Malicious page that also hosts the BlackHole Exploit v2.0. Still there is no warning from google and no one else care about that?!
Today, I was searching for the "Shield Sword" in Google image search. I got the above image in the result. It is my favorite image. In fact, I've used this for creating my facebook cover image.
I have clicked the picture in order to get the full size. I was waiting for loading image, but instead, i was landed in a page that displays "Please wait page is loading". Damn, i have seen this text everyday since i started my career as Malware analyst. Yes, it is BlackHole Exploit Kit landing page.
Unfortunately, i am browsing from Host machine. I have disabled the Java plug-in but failed to update the other softwares. So , my system got infected.
Once again, i have analyzed the compromised page from my Virtual Machine. The infected page "hxxp://madebybrian.com/scripts/sword-and-shield-cartoon" that contains the following script
The script redirects to the above site which hosts the latest version of BlackHole Exploit kit v2.0.
The page is still there in the Search Result. If you a normal user try to see the picture, what will happen?! It is hard to realize they are in malware page if their anti virus failed to detect the malware.
Guess what?! The above site is not listed in Blacklisting websites. I have report about this page to google, hope they will remove it soon.
Update 1:
The infected page now redirects o another malicious page "***.turndial.com".
Update 2:
Today, the site redirects to another Malicious page that also hosts the BlackHole Exploit v2.0. Still there is no warning from google and no one else care about that?!
0 comments:
Post a Comment