
Adobe Groups Abused


By: ThreatLabz


We've seen Google Groups and a host of other sites that permit user-driven content to redirect to malware or other nonsense. This morning I saw a rash of Adobe Groups posts redirecting to fake pharmacy sites (pharms / pills sites). For example:

... most all postids between (that's more than 2K posts!) ...

Users that follow the links visit a page that looks like:

Clicking on the advertisement takes you to the pharm redirector:
hxxp://online-shop24h.com/shop/go.php?sid=133 (has groups.adobe.com referer)
302 redirects to the pharm: hxxp://www.best-medshop.com (USID tracking cookie is set)

online-shop24h.com domain registration info:

best-medshop.com domain registration info:

The lesson here is that if you or your company is going to start a "Groups" page (or any site that allows user-driven content to be published onto your site), you need to have a mechanism in place to validate the content / prevent this sort of abuse. I sent a note to Adobe notifying them of this problem.
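
The redirect chain described above (a click carrying a groups.adobe.com referer that lands on a third-party URL and is 302-redirected to yet another site) can be picked out of web proxy logs. The following is an added example, not part of the original post: the log format, the `posts/EXAMPLE` path and the client addresses are constructed, and comparing sites by their last two host labels is a simplification.

```python
from urllib.parse import urlparse

# Hosts that publish user-driven content (the one named in the post).
UGC_HOSTS = {"groups.adobe.com"}

# Constructed proxy log: client, URL, status, Referer, Location ("-" = none).
# URLs stay defanged (hxxp) as in the post; urlparse still extracts the host.
SAMPLE_LOG = """\
10.0.0.5 hxxp://groups.adobe.com/posts/EXAMPLE 200 - -
10.0.0.5 hxxp://online-shop24h.com/shop/go.php?sid=133 302 hxxp://groups.adobe.com/posts/EXAMPLE hxxp://www.best-medshop.com
10.0.0.5 hxxp://www.best-medshop.com/ 200 hxxp://groups.adobe.com/posts/EXAMPLE -
10.0.0.9 hxxp://groups.adobe.com/help 302 hxxp://groups.adobe.com/posts/EXAMPLE hxxp://groups.adobe.com/help/
10.0.0.9 hxxp://example.org/article 200 hxxp://groups.adobe.com/posts/EXAMPLE -
"""

def host(url):
    return (urlparse(url).hostname or "").lower()

def site(url):
    # Naive site key: last two host labels. A production check would use
    # the Public Suffix List instead.
    return ".".join(host(url).split(".")[-2:])

def find_offsite_redirects(log_text, ugc_hosts=UGC_HOSTS):
    """Flag clicks that leave a user-content host, hit a third-party URL,
    and are immediately 3xx-redirected to a different site again."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, url, status, referer, location = line.split()
        if referer == "-" or location == "-" or not 300 <= int(status) < 400:
            continue
        if host(referer) not in ugc_hosts:
            continue
        src, hop, dst = site(referer), site(url), site(location)
        # The hop is off-site and forwards to a site that is neither the
        # hop itself nor the page the user came from.
        if hop != src and dst not in (hop, src):
            findings.append({"client": client, "post": referer,
                             "redirector": hop, "landing": dst})
    return findings

if __name__ == "__main__":
    for f in find_offsite_redirects(SAMPLE_LOG):
        print(f)
```

Grouping the findings by `post` or by `redirector` gives a site owner the list of posts to review and the outbound domains to block.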