- Nov 5, 2011
- 5,855
.
Fake AV: .ru sites used for redirections topic here ..
Fake AV: .ru sites used for redirections : on zscaler.com : http://research.zscaler.com/2012/02/fake-av-ru-sites-used-for-redirections.html
QUOTE:
'This past month, I've seen an increase in hijacked sites redirecting to a Fake AV page. These attacks typically involves three separate phases:
1.The hijacked website redirects users coming from a Google search to an external domain.
2.A website redirects users to the Fake AV page or to a harmless site (mostly bing.com and google.com) depending upon the referer in step #1. This page adds a cookie using JavaScript, and reads it immediately, to make sure the page was accessed by a real browser that supports both JavaScript and cookies.
3.The fake AV page is delivered.' ..
Fake AV: .ru sites used for redirections topic here ..
Fake AV: .ru sites used for redirections : on zscaler.com : http://research.zscaler.com/2012/02/fake-av-ru-sites-used-for-redirections.html
QUOTE:
'This past month, I've seen an increase in hijacked sites redirecting to a Fake AV page. These attacks typically involves three separate phases:
1.The hijacked website redirects users coming from a Google search to an external domain.
2.A website redirects users to the Fake AV page or to a harmless site (mostly bing.com and google.com) depending upon the referer in step #1. This page adds a cookie using JavaScript, and reads it immediately, to make sure the page was accessed by a real browser that supports both JavaScript and cookies.
3.The fake AV page is delivered.' ..