Infested stock message boards and a quick response

Sometimes, surprising events in the financial news draw users to the message boards. On Yahoo!, individual stock message boards are usually a safe haven for posting and browsing.
Right now, one stock at the Yahoo finance site appeared to have an almost 60% drop for the day. Instead, the company might be performing a reverse split with little notice. There is no news headline about a reverse split for the company, so the next logical step would be to check out the message boards and see what other users might be sharing.

Once on the message boards, a user may fall for friendly advice like “This Video Forecast should help“”(link intentionally removed). DO NOT FOLLOW THESE LINKS RIGHT NOW. We decided to follow these links once we saw them. After following one of them, our goat lab systems became totally infected by malware and completely unusable. Adware, worms, multiple processes and more were overloading the system’s capacity. We can only post an image at this point of the link to the infecting site (DO NOT VISIT THESE LINKS). These attackers are acting quickly on the confusing financial news:

UPDATE: It seems that the web links spammed to the message boards may be linked to a handful of web servers that were compromised. For example, here is a list of spammed links to another message board. We highlight one in particular in red:

Here is the web page at the highlighted link’s destination, apparently revealing a compromised site. Most likely, the malware and exploits served up at these sites were the result of compromised servers:

The operators of these sites seem to be on top of the problem, and almost all of the links we’re visiting are now cleaned up.

These short lived and effective attacks can ruin your day. They lurk in the most unexpected of places, not just the adult and warez sites. Be sure to keep your security solutions updated.

This entry was posted in Online Fraud. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>