A new strain of malware that uses the geolocation service offered by an adult dating website as an easy way to determine the location of infected machines.
Thousands of infected machines in a zombie network all phoned home to the URL promos.fling.com/geo/txt/city.php at the adult hookup site fling.com, security researchers at Websense discovered. Analyst first thought the adult dating site had a botnet command and control channel attached.
All indications are Fling.com is not in on this. The information is “used by the botmaster for statistics or to give different commands to infected machines in certain countries,” Websense researchers said. The security firm said in more than 4,700 samples of the yet unnamed malware behind the attack have gone to its security lab to date.