Hit movies such as Man of Steel and World War Z are being used as bait to lure victims to spam pages on document-sharing site Slideshare, according to a report in The Register.
Numerous pages promising “streaming sites” have appeared on the document-sharing site, offering links to streams of hit films, with the links disguised by URL-shortening services. Instead of a stream, the links deliver still images of what looks like a movie player paused at the beginning of the film, then persuade visitors to sign up for a “streaming service”.
Threat Track blogger Chris Boyd reports that “hundreds” of visitors are being drawn to the spam pages within hours of their being posted online.
The use of the document-sharing service for spam is not new, though, according to ESET Senior Research Fellow David Harley.
“I first came across Slideshare a few years ago when our Latin American research team discovered malware being distributed on the site, passed off as a cracked version of our software,” says Harley. “And a couple of days ago Threat Track Labs blogger Chris Boyd reported that the site was being exploited by spammers using fake movies to promote streaming sites and services, tricking would-be movie viewers into subscribing to services by promising them movies that aren’t yet available. (Boyd told John Leyden of The Register that “Most likely it’s out of control affiliates attempting to drive traffic to the sites, whether the advertised movies are there or not.”)
“While you might assume from the name that Slideshare is all about sharing presentations, it actually allows the sharing of a range of ‘documents, PDFs, videos and webinars.’ Perhaps even video footage of Wimbledon hopefuls ‘sliding’ on the court into undignified positions. So it’s hardly surprising that it attracts misuse from time to time (and not only during the tennis season).”
“The good news is that we’ve found Slideshare very responsive when alerted to such problems in the past. The not so good news is that a site with that much traffic can get a lot of hits – and victims – before even the most responsive administrators get to hear about it and take action. (And that might tell you something about online repositories in general that rely on their users to tell them when something malicious is hiding on their site.)”
“On that earlier occasion, the blackhat in question had managed to post 2,473 slides incorporating malicious links before he was stepped on, as this graphic illustrates.
“Perhaps it’s worth quoting part of that blog – by Sebastián Bortnik, Pierre-Marc Bureau and myself – from 2009.”
“More than ever, you need to be careful in carrying out downloads from the Internet, as any platform may suddenly be found to be used or misused to propagate malicious code… The situation may be exacerbated by the fact that PowerPoint is generally regarded as a ‘safe’ format, even though it can be misused in a number of ways to carry malicious code (macros, embedded files and so on)… [It’s] not just a question of whether the file is innocent: it’s also a matter of realizing that an uninfected document may carry a link to a dangerous site.”
“In this case, we’re probably looking at a more organized attack from more than one source, rather than a single bad actor, and that suggests that there will be more attacks like this (and not only on slideshare.net).”
Author Rob Waugh, We Live Security