Security research organization PandaLabs says cyber crooks are infiltrating the popular Digg news-sharing online community.
According to the official PandaLabs Blog, baddies are signing up as regular Digg members but are recommending links to Web sites designed to entice visitors to click on links that will install malware on their computers:
Malware distributors have been creating false stories with catchy subject lines as an attempt to bait … users into clicking links leading to an infection. In some cases, the attackers do not create the news story themselves, [but] link to others’ relevant content.
Those who click on a malicious Digg item may be prompted to download a plug-in or some other application to ‘allow them to view’ the promised site. What’s really downloaded, though, is a trojan bug that lets the baddies take control of your computer and use it for their purposes — usually, infecting still more computers and broadcasting spam.
Other scams apparently seek to sell bogus security software by generating warning pop-ups saying the user’s computer is infected. This is a social engineering scam playing on the user’s fear of getting a virus or other digital infection. When the user pays for the software advertised in the pop-up, the bogus site goes through the motions, indicating the ‘software’ is performing a scan-and-clean operation, and then sends the user on to the legitimate Web site the user expected to visit in the first place. The problem is, there never was an infection and the ‘software’ the user bought never really existed. It’s a total con job, from start to finish.
Digg Community Manager Jen Burton told the AFP news agency earlier this week, “We are fully aware of the issue at hand and have already taken action.”
She confirmed that at least 300 Digg accounts suspected of spreading malware have already been closed down.