Zscalerのブログ

Zscalerの最新ブログ情報を受信

購読する
Security Research

Adobe Groups Abused

image
THREATLABZ
May 17, 2010 - 1 分で読了
ImageWe've seen Google Groups and a host of other sites that permit user driven content to redirect to malware or other nonsense. This morning I saw a rash of Adobe Groups posts redirecting to fake pharmacy sites (pharms / pills sites). For example:

hxxp://groups.adobe.com/index.cfm?event=post.display&postid=22600
... most all postids between (that's more than 2K posts!) ...
hxxp://groups.adobe.com/index.cfm?event=post.display&postid=25000


Users that follow the links visit a page that looks like:

Image
Clicking on the advertisement takes you to the pharm redirector:
hxxp://online-shop24h.com/shop/go.php?sid=133 (has groups.adobe.com referer)
302 redirects to the pharm: hxxp://www.best-medshop.com (USID tracking cookie is set)

Image
online-shop24h.com domain registration info:
Image
best-medshop.com domain registration info:
Image
The lesson here is that if you or your company is going to start a "Groups" page (or any site that allows user driven content to be published onto your site), you need to have a mechanism in place to validate the content / prevent this sort of abuse. I sent a note to Adobe notifying them of this problem.
form submtited
お読みいただきありがとうございました

このブログは役に立ちましたか?

Zscalerの最新ブログ情報を受信

このフォームを送信することで、Zscalerのプライバシー ポリシーに同意したものとみなされます。