The Dirt on Digg
Written by Brett Callow on February 17, 2009

Social networking sites are becoming increasingly popular with cybercriminals. And now Digg.com has joined the ranks of Web 2.0 services being used to lure unsuspecting visitors to malicious sites.
Both bogus accounts and compromised legitimate accounts are being used to post messages and comments which lead to malware-serving domains. Unlike some other recent attacks, Digg’s comment spam does not point to websites which attempt to exploit vulnerabilities; rather, the websites simply entice visitors to install a fake video codec. The spammers appear to be using scripts to auto-generate comments which have some relevance to the subject matter at hand. For example, a legitimate story about Paris Hilton (Hmmm. Is there such a thing?) may be accompanied by a comment which links to a video supposedly featuring Miss Hilton engaged in some form of activity – which, of course, can only be viewed if a special “codec” is installed.
In addition to luring visitors directly from Digg, the comment spam also acts as a form of blackhat SEO: the links raise the malicious domains’ search engine rankings, which results in even more unsuspecting surfers finding their way to them.
Security consultant Dancho Danchev has identified more than 500,000 comments which point to malicious domains (see here for the complete listing).
Digg is not the only Web 2.0 service to have been abused by cybercriminals. Facebook, MySpace, Twitter, ImageShack and even LinkedIn have all been used in one way or another to launch attacks against their visitors. This trend is not at all surprising. Social networks provide attackers with an easy way to reach a large number of people – many of whom may be young and not particularly cautious.
An up-to-date AV, a patched browser and a dollop of common sense are, as always, the recipe for a successful defence.