FeedBurner.com Page Set Up to Serve JavaScript Trojan

Suspicious website

Researchers warn that cybercriminals are abusing FeedBurner, the web feed management service owned by Google, in an effort to distribute malware.

Zscaler experts say that the malicious code is on feeds.feedburner.com/bileblog. A piece of obfuscated JavaScript code (JavaScript Trojan) contains an iFrame that redirects visitors to a website.

From this site, users are automatically directed to another domain called fukbb.com. This site doesn’t appear to be serving anything malicious, but URL scanning tools are flagging it as being suspicious.

Experts believe that most of the attacks relying on malicious JavaScript injected into compromised websites are part of larger campaigns that involve browser exploit kits capable of automating the infection of a large number of sites.

At the time of writing, the security solution installed on my computer blocks feeds.feedburner.com/bileblog. The malicious element is apparently still present.

Additional technical details are available on Zscaler’s blog.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s