Websense: large Chinese Internet game community
March 2009 by Websense
Websense Security Labs™ ThreatSeeker™ Network has discovered that a download site supplying free audio chat software to users under Duowan.com has been SEO poisoned with the intention of directing visitors to a malicious site.
Duowan.com is a large Chinese Internet game community which has an Alexa traffic rank of 448. If you search for YY in Baidu.com, the malicious site which is masquerading as the Duowan.com download site appears as the first result.
The search result in Baidu.com:
This is the offical site:
When you click the Download button on the fake site, it directs you to another malicious site to download a file to your computer. This file is reported by most AV products as a Trojan.
Websense Messaging and Websense Web Security customers are protected against this attack.