
Domain typo squatting spreads malware as Pinterest Tool

2012-07-10 by Jason

Pinterest is a fast-growing social network with a demographic that is of much interest to advertisers. Unfortunately, they are also of interest to malicious folks spreading malware and building botnets. Last night, my wife stumbled upon something that looked awfully suspicious while she was browsing Pinterest. With a bit of digging, I found an attempt to make the setup less conspicuous with the results redirecting to a similar-looking domain that said “You must install the Pinterest Tool to view this recipe. To continue, install the tool and enjoy more features of our site.”

From my novice investigation, the pins on Pinterest were all submitted within the last 24 hours by a single user. Some of those pins were then repinned by others. This means those folks either repinned based on the picture alone or they clicked through, installed the “tool”, and are now infected.

This post contains unlinked URLs to suspicious sites; they should not be visited manually.

The scheme starts off simple. A Pinterest user posts a good-looking picture of a food item. If you hover over the image, you will see the URL it takes you to is a little weird but not that suspicious. In the case of these malware pins, the links went to a variety of blogspot blogs with a food-blog-sounding subdomain like icanhasrecipe.blogspot.com.

It then builds by passing two parameters, r and u. ‘R’ being a generated code and ‘U’ being the URL to the actual recipe at a site like TasteofHome.com. The URL looks like icanhasrecipe.blogspot.com/?r=13498asd987149087&u=http://tasteofhome.com. Nothing too conspicuous that a casual user would notice something wrong.

The blogspot sites then use JavaScript to check for the parameters being passed in. If they exist, they redirect to the Pinterest typo domain site: pintrerets.com. If the r parameter does not exist in the URL, the browser loads the actual Blogger page – usually with one junk post of some keyboard mashing.
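The two tells described so far, a link carrying both r and u with u pointing at another host, and a hostname a couple of keystrokes away from pinterest.com, can be checked mechanically. The following is an added example, not code from the original post; the function names, the BRANDS list and the distance threshold of 2 are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit, parse_qs

BRANDS = ("pinterest.com",)  # domains to protect (assumption: adjust per deployment)

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    # First row and column hold the cost of building a prefix from nothing.
    d = [[i + j if i * j == 0 else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped neighbours
    return d[-1][-1]

def parse(url):
    """Parse a URL, tolerating the scheme-less form used in the article."""
    if not url.lower().startswith(("http://", "https://")):
        url = "http://" + url
    return urlsplit(url)

def host_of(url):
    host = (parse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def lookalike_of(url, max_dist=2):
    """Return the brand this host imitates, or None for exact or unrelated hosts."""
    host = host_of(url)
    for brand in BRANDS:
        if 0 < osa_distance(host, brand) <= max_dist:
            return brand
    return None

def is_redirect_lure(url):
    """True when the URL carries both r and u, and u is a URL on another host."""
    qs = parse_qs(parse(url).query)
    target = qs.get("u", [""])[0]
    if "r" not in qs or not target.lower().startswith(("http://", "https://")):
        return False
    return host_of(target) != host_of(url)

def triage(url):
    flags = []
    if is_redirect_lure(url):
        flags.append("r/u redirect lure")
    brand = lookalike_of(url)
    if brand:
        flags.append("lookalike of " + brand)
    return flags
```

A plain Levenshtein distance scores pintrerets.com at 3 from pinterest.com; counting an adjacent swap as one edit brings it to 2, which is why the swap-aware distance is used here.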

Once you are at the pintrerets site, it will determine your browser. If you are using Firefox, it will display the “Install the Pinterest Tool” site; otherwise, it will redirect to the actual Pinterest.com, as seen when visiting the site with both IE and Chrome.

If you click to install the tool, it will try to load an add-on for Firefox coming from a cdn1dload.com domain.

Grabbing the 2KB .xpi addon file from another browser and examining it as I learned with updating Firefox addons, I was able to see that the addon monitors when you load a page and inserts information into the header. It also builds a random domain and runs a function with botnet in the name. The extension pulls more files from the cdn1dload.com site like /firefox/js.php.

This was not the first time that site has been analyzed, with previous reports indicating a variety of browser exploits found on the site. The site was analyzed back in early May. The blogspot blogs were created in April. Most of the spreading Pinterest user’s activity was done in the past 24 hours. It seems like this scam has been long building and is still going. It would be nice to take a more proactive attempt at stopping these things from spreading. I have reported the malware to Google and Pinterest. Hopefully they will be interested in removing this malicious activity from the growing Pinterest community.

With Pinterest’s high click-through rate, it is likely to continue being a target in the future for delivering malware and misleading users. Your browser’s status bar may continue to be your best tool to prevent visiting a suspicious site.
