We have tracked the various ways malware is hosted on the site, and it appears to be most popular with attackers targeting Spanish- and Portuguese-speaking audiences. We have seen targeted attacks with fake YouTube email lures in Portuguese that link to malware hosted on Slide.com.
Screenshot of Portuguese YouTube Lure:
We have also been tracking several Trojans that connect to and download more malware from Slide.com. The Trojans connect to a Web site to read a config file, and then download more malware. The malware is then spread via email. Many of the email messages include links to malware hosted at Slide.com.
Screenshot of Config File:
Apparently, Slide.com does not check the types of the files uploaded to the site. On a Slide.com page that hosts malware, the malware is served with the header "Content-Type: image/jpeg". The Linux file command, however, identifies the file as "MS-DOS executable PE .... PECompact2 compressed".
Screenshot of WGET of URL:
Screenshot of File Command:
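The mismatch described above (a declared image/jpeg type on a body that is really a PE executable) is something an upload filter or a web proxy can test for by reading the bytes instead of trusting the header. The following is an added example, not code from the original post or from Slide.com; the function names and the sample byte strings are constructed for illustration, and it does not attempt to identify the packer.

```python
import struct

# Leading magic bytes for the image types a photo-sharing site should accept.
IMAGE_MAGIC = {
    "image/jpeg": b"\xff\xd8\xff",
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/gif": b"GIF8",
}

def is_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew field points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def sniff(data: bytes) -> str:
    """Classify content by its bytes, ignoring any declared type."""
    if is_pe(data):
        return "application/x-dosexec"
    for mime, magic in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return mime
    return "application/octet-stream"

def check(declared: str, body: bytes) -> str:
    """Compare the declared Content-Type with what the bytes actually are."""
    declared = declared.split(";")[0].strip().lower()
    actual = sniff(body)
    if actual == declared:
        return "ok"
    if actual == "application/x-dosexec":
        return "block: executable served as " + declared
    return "mismatch: declared %s, sniffed %s" % (declared, actual)

# Constructed samples (not real files): a minimal MZ/PE header and a JPEG header.
FAKE_PE = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 20
FAKE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 20

if __name__ == "__main__":
    print(check("image/jpeg", FAKE_PE))
    print(check("image/jpeg", FAKE_JPEG))
```
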
Security Researcher: Ali Mesdaq