A new spam botnet troubles users, especially those looking to see more of the “spicy” material overrated names like Britney Spears and Paris Hilton could deliver. The botnet uses emails embedded with bogus Britney Spears and Paris Hilton Google search links leading users to malware hosted by the infamous Russian Business Network (RBN).
According to the popular security provider BitDefender the e-mails do not embed a typical URL link as they should, but apparently use Google search result links such as 'www. google .com/pagead/iclk?...' so that they dodge url-based spam filters.
What the new spam botnet does is direct users to a site promising explicit videos of celebrities including ‘New naked Britney video’ and ‘Paris Hilton New Video Auditioning Topless’ (like there would be anything new to see there) which hosts malware.
If you did “manage’ to download and execute the malicious code, dubbed Trojan.Downloader.Exchange.A, the result will be more malware downloaded and executed.
As BitDefender’s Defence Center blog informs us, when users check the link, they will be showed a link to Google, however Google in turn redirects to the site specified as parameter in the URL.
The blog states that “Google uses these types of URL's to redirect users who click on advertisement served up by Google's AdSense program, however insufficient parameter validation means that malware authors can modify the URL and use it to redirect users to arbitrary sites.”
The same security company reveals that the malware host, RBN is known as a safe shelter for spammers and malware writers worldwide.
Known as celebrity spam due to its use of notorious names such as Britney Spears and Paris Hilton's (who can possibly guess why), this type of malware has been using this method to lure users into accessing malicious links with increasing success.
