Dating Site Acts as GPS for Malware

Wednesday, May 9, 2012 @ 02:05 PM gHale


A new strain of malware that uses the geolocation service offered by an adult dating website as an easy way to determine the location of infected machines.

Thousands of infected machines in a zombie network all phoned home to the URL promos.fling.com/geo/txt/city.php at the adult hookup site fling.com, security researchers at Websense discovered. Analyst first thought the adult dating site had a botnet command and control channel attached.

RELATED STORIES
Node.js Fixes Java Security Holes
Malware Looks to Steal Market Share
Using Malware for Recon Work
Russian Cybercrime Consolidates, Grows

However, after a more detailed look at the traffic from an infected machine, it showed JavaScript code built into the malware queries fling’s systems in order to discover the exact location – state, city, latitude and longitude – of infected PCs.

All indications are Fling.com is not in on this. The information is “used by the botmaster for statistics or to give different commands to infected machines in certain countries,” Websense researchers said. The security firm said in more than 4,700 samples of the yet unnamed malware behind the attack have gone to its security lab to date.



Leave a Reply

You must be logged in to post a comment.