Thursday, June 21, 2012

Malware Carriers Inside Entrecard

When my wife’s laptop crashed recently, we suspected it was caused by malware that was triggered by clicking an Entrecard blog. The suspicion was confirmed when the technician found several programs that screwed things up.

To avoid these threats next time we drop credits at Entrecard, I tried to identify some of the sites whose owners may not be aware that their blogs are carrying malicious software that can hijack your browser, redirect your search attempts, serve up nasty pop-up ads, track what web sites you visit, and generally shut down your unit.

Along with viruses, one of the biggest threats to computer users on the Internet today is malware. Many malware programs will reinstall themselves even after you think you have removed them, or hide themselves deep within Windows, making them very difficult to clean.

This post will try to list Entrecard sites that were identified by both Trend Micro Titanium and Google Chrome as possible carriers of worms, trojans, and everything that can generally wreak havoc on your computer.

According to Trend Micro, there are five identified and confirmed sites that can transmit malicious software or have been involved in online scams or fraud. These sites are the following (no links were included to protect readers):

http://gilbertogalea.com/blog/
http://alrevisacademy.com/
http://divascuisine.com/
http://www.anotherfinemeal.com/
http://www.carolinamomblogger.com/

The five sites above were also identified by Google Chrome as malware carriers, but it added three more to the list. Google reported that malicious software may be installed onto my computer if I proceed to open these three additional blogs. Google further added that if I have visited these sites in the past or I trust them, it is possible that they have just recently been compromised by a hacker. These sites are:

http://everyday-adventurer.blogspot.com
http://fabulousfrugalista.blogspot.com
http://rattilla.blogspot.com

Google specifically mentioned the following:
  • everyday-adventurer.blogspot.com contains content from squirrelqueen2.blogspot.com, a site known to distribute malware.
  • fabulousfrugalista.blogspot.com contains content from www.cincinnaticoupons.net, a site known to distribute malware.
  • rattilla.blogspot.com contains content from squirrelqueen2.blogspot.com, a site known to distribute malware.

You can get infected by clicking the eight sites above because malware often comes bundled with other programs (Kazaa, iMesh, and other file sharing programs seem to be the biggest bundlers). These malware programs usually pop up ads and send revenue from the ads to the program's authors. Others are installed from websites, pretending to be software needed to view the website. Still others, most notably some of the CoolWebSearch variants, install themselves through holes in Internet Explorer like a virus would, requiring you to do nothing but visit the wrong web page to get infected.

Please take note that the owners of the eight sites above may not be aware that their blogs are infected. However, to avoid contracting the malware, it is advisable not to visit the sites at this time because getting infected with malware is usually much easier than getting rid of it, and once you get malware on your computer it tends to multiply.
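For blog owners who want to check what their own pages pull in, here is an added example (not part of the original post, and not how Trend Micro or Chrome work internally) that lists the off-site resources embedded in a page and flags any hosted on the two hosts named in Google's notice above. The function and class names, `blog.example`, `widgets.example` and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Hosts named in the Google notice quoted in this post.
FLAGGED_HOSTS = {"squirrelqueen2.blogspot.com", "www.cincinnaticoupons.net"}

# Tag -> attribute whose URL the browser fetches automatically on page load.
FETCHING_ATTRS = {"script": "src", "iframe": "src", "img": "src",
                  "embed": "src", "object": "data"}

class EmbedCollector(HTMLParser):
    """Collect (tag, absolute URL) for every resource the page pulls in."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.embeds = []

    def handle_starttag(self, tag, attrs):
        wanted = FETCHING_ATTRS.get(tag)  # None for tags such as <a>
        for name, value in attrs:
            if name == wanted and value:
                self.embeds.append((tag, urljoin(self.page_url, value.strip())))

def audit_page(page_url, html, flagged=FLAGGED_HOSTS):
    """Return (third_party, hits): off-site embeds, and those on flagged hosts."""
    own_host = urlsplit(page_url).hostname
    collector = EmbedCollector(page_url)
    collector.feed(html)
    third_party, hits = [], []
    for tag, url in collector.embeds:
        host = urlsplit(url).hostname  # already lower-cased by urlsplit
        if not host or host == own_host:
            continue  # same-site or non-network resource
        third_party.append((tag, host))
        if host in flagged:
            hits.append((tag, url))
    return third_party, hits

# Constructed sample markup (not copied from any real blog).
SAMPLE_URL = "http://blog.example/"
SAMPLE_HTML = """
<img src="/images/header.png">
<a href="http://squirrelqueen2.blogspot.com/"><img
   src="//squirrelqueen2.blogspot.com/button.png"></a>
<script src="HTTP://WIDGETS.EXAMPLE/drop.js"></script>
<a href="http://www.cincinnaticoupons.net/">plain link, nothing fetched</a>
"""

print(audit_page(SAMPLE_URL, SAMPLE_HTML)[1])
```

Only embedded resources count here: the plain link to `www.cincinnaticoupons.net` is not reported because the browser fetches nothing from it until a visitor clicks, whereas the borrowed button image is loaded on every page view.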

For those who are not familiar with Entrecard, it is a network that allows members to place their widget ad on any other blog in the network for one day. The number of days before the ad is displayed is dependent on the cost and popularity of the target site.

Before we end this article, I would like to add another site to the list that we may want to avoid. I’m not sure of the blog name, but the widget looks like this:

Malware Carrier
Whenever you click that site, it will direct you to a porn site located at this address: http://www.onesexaday.com/.

16 comments:

  1. Really?? I am not aware, I already listed the sites you mentioned, thanks for sharing great help.

  2. Oh, I am dropping 6 of the blogs you've mentioned...
    Thanks for sharing

  3. Right, I too have found the warning 'malware detected' or 'something is not right here' given by my anti-virus software on some of the sites. So far I've been able to escape damage. I'll be very careful now onwards. Thanks a lot for this very useful article.

  4. I have yet to be infected by the sites mentioned. Maybe it's the Norton 360 v6 that I'm using that is protecting me.
    Thanks for the heads up.

  5. Oh, I regularly drop on five of those you mentioned. Now, not sure if my site is already infected. I'm no techie blogger. Thank you for the heads up.

  6. Thank you for sharing! And thanks to Entrecard because it brought me here. I shared it also in my blog.

  7. Thanks for the mention- NOT, however, I do not have malware on my site, have not done anything illegal and Google does NOT show any warning, only Trend Micro does, and they do not say where it comes from, offer any proof, don't say what type of problem there might be and Entrecard is the most sketchy ad on my site, the others I run are foodie blogroll and coupons.com through escalate. There is no phishing, no malware, no scams, no fraud, and I wouldn't begin to know how to do any of those things if they were on there. I have run every single scan I can find on my computer (and my paid protection) and they have found nothing, so I am not sure where this is coming from, but I can assure you, my site is clean.

    I did for a time have a problem (not on divas cuisine) that Google Chrome caught, that was from displaying someone else's button. Google Chrome told me exactly where it came from so I knew what to do to get rid of it.

    I don't display anything but the aforementioned ads on divas cuisine, so I am not sure where the site is getting its erroneous data, but you may want to reconsider trusting a site that offers no proof.

    You said Google Chrome also said I was dangerous, but when you listed specifics and where they were from you neglected to add that. Since it shows no warning when I open it, I would appreciate it if you would let me know exactly what was mentioned so I can look into it. I would never knowingly infect anyone, and I would avoid opening my own sites if there was a known danger, but without even a hint of proof I can't even check it out. Would appreciate anything (proofwise) you can add, I will be more than happy to look into it as I would never, ever want to cause harm, even unintentionally.

    Sherry from divascuisine.com & myloonyverse.com
    email is discriminating_diva at yahoo dot com

  8. Perhaps this is a bit off topic but in any case I have been surfing about your blog and it looks really neat. impassioned about your writing. I am creating a new blog and hard-pressed to make it appear great and supply excellent articles. I have discovered a lot on your site and I look forward to additional updates and will be back.
    http://scarprinnow.com

  9. Hi Sherry. I'm sorry about this, but if you are talking about divascuisine.com, it's a site blocked by Trend Micro whether I use Firefox or Chrome. I don't have any problems with your other site, myloonyverse.com. Trend Micro did not give me any details aside from the one mentioned above. Google Chrome did not offer much since Trend Micro offered the first line of defense.

  10. Thanks for making such a killer blog. I arrive on here all the time and am floored with the fresh information here! You are great!
    www.fadeplex.com

  11. Battle the Bots! Drop ECs only on blogs you know and trust! Spread the word! DETAILS

  12. A very informative article and lots of really honest and forthright comments made! This certainly got me thinking a lot about this issue so thanks a lot for posting!
    we buy houses

  13. I don't even understand how I finished up here, but I thought this post was once good. I do not recognize who you are but certainly you are going to a well-known blogger for those who are not already. Cheers! plagiarismsoftware

  14. Considerably the article is in reality the greatest on this noteworthy topic. I agree with your conclusions and will eagerly look forward to your next updates. Saying thanks will not just be sufficient for the wonderful clarity in your writing. I will immediately grab your rss feed to stay privy of any updates!
    Quick House Sale San Antonio

  15. The difference between the right word and the almost right word is more than just a fine line! it's like the difference between a lightning bug and the lightning!
    Home Buyer San Antonio

  16. Nice Post. Thanks for sharing. But I will share a helpful tips. Misplaced Yahoo Leading get ranking or perhaps Struggling to acquiring Initial Page ranking. One of the most difficulty powering that is copy articles. Thus, I would really like to be able to advise an individual verify the items usually are not Plagiarized. Verify simply by Plagiarism Software
