Digg.com: We Terminate Malware Accounts
A security expert claims that cybercriminals are using Digg.com to spread malware.
Once again, hackers are using celebrity names in order to get people to download malware onto their PCs. This time, they are using the popular news aggregator Digg.com, according to PandaLabs threat researcher Sean-Paul Correll's blog.
Correll told InternetNews.com that he found 52 accounts posting news stories or comments with malicious URLs. Many of these accounts purport to be news items about celebrities, including actors Christian Bale and Alyssa Milano, singer Britney Spears and Paris Hilton.
They contain a link to a video about the celebrity that takes victims to one of several sites that downloads the Adware/VideoPlay fake anti-malware, or scareware, package when the user clicks on it, Correll said.
"While we don't comment on specific accounts in order to protect the privacy of our community, malware accounts reported to us by the community are terminated immediately and all content is removed," Burton said. "To date, we have terminated more than 300 accounts for malware."
However, terminating the accounts does not mean the problem has been solved, Correll warned. "We're sure there's still some more accounts out there," he said. "The attackers make scripts that can automatically submit these."
The Digg.com attacks download the MS Antispyware 2009 scareware package to victims' PCs. This pretends to scan the PCs, then tells victims the PCs are infected with malware. It then asks the victim to pay by credit card to have the malware removed.
The scareware distributors may find themselves in Microsoft's (NASDAQ: MSFT) gun sights soon, as the vendor recently teamed up with the attorney general of Washington, Rob McKenna, to crack down on scareware.
This article was first published on InternetNews.com.