Spammer uses innocent hacked blogs to punt NAKED PICS of JLaw, McKayla Maroney

Gran's knitting site etc sucked up into pr0n spam botnet

A long-established smut spammer is using hacked websites to sell stolen photographs of naked celebrities including Jennifer Lawrence, Kate Upton and McKayla Maroney.

The miscreant (who uses compromised web servers to host his landing pages) has altered his pitch to include copies of the recently released stolen photographs of celebrities in the nude, including a picture of US Olympic gymnast McKayla Maroney. According to her lawyers she was under 18 at the time the image was made, making it illegal under US and UK child abuse laws.

The porn spammer began hawking stolen photos of celebs on 2 September, just two days after they were posted on 4Chan, according to spam-filtering firm Cloudmark. The cybercrook involved is pulling out all the stops to attract attention to his iCloud photo leak follow-up offer, as a blog post by Cloudmark explains.

Initially a static JPEG banner was added to the landing pages, containing nude pictures of Jennifer Lawrence, Kate Upton and McKayla Maroney. On September 11th, the spammer started using a different banner. The new one, still in use, is an animated GIF. It adds a picture of Miley Cyrus to the original images, and alternates these pictures with images of hardcore pornography, using models who resemble the original celebrities. The first image is captioned “JUST IN: HACKED CELEBRITY PHOTOS AND VIDEOS FROM APPLE’S ICLOUD LEAK! HOTTEST NUDE CELEBS EXCLUSIVELY AT [redacted].COM” and the second one is captioned “JUST IN: HACKED CELEBRITY PHOTOS AND VIDEOS FROM APPLE’S ICLOUD LEAK! BIGGEST NUDE CELEBS ARCHIVE ON THE INTERNET FOR JUST $1”.

Reddit has wiped itself clean of leaked celeb nudie pics and even 4chan's denizens have expressed disapproval of follow-up threats to release celebrity nude pictures, which in the case of actress Emma Watson turned out to be a hoax. The crook involved in the celeb naked snap offer is plumbing the depths to exploit the event for his or her own gain.

The spam promoting the hacker's pages is being sent from a worldwide botnet of hacked PCs. The spam itself is very simple. The subject line is blank, and the body contains nothing but a URL, Cloudmark reports.

Several hundred compromised servers have been used for this spam over the past three weeks, including those of schools and church groups. Many are WordPress sites, so it seems likely that the crook involved is exploiting vulnerabilities in the open-source blogging and content management system or its plugins.

While the HTML for the landing page is hosted on the compromised server, the images are hosted elsewhere. The wraparound porn comes from servers in Russia, while potential buyers are redirected to US-hosted systems.

Since the photograph of Maroney may constitute an illegal explicit photo of a child under US law, Cloudmark has reported the indecent picture sale offer to the National Center for Missing and Exploited Children. ®

Biting the hand that feeds IT © 1998–2019