[News]Japanese P2P virus writer convicted, but escapes jail [News]Seagate Secure Self-Encrypting Laptop Hard Drives Earn NSA Qualification for National Security Syste [News]Supermarket loses 4.2 million credit card details [News]When credit cards put you in jeopardy [News]Symantec, Intel work on security on microchips

Software Categories

Anti-spyware

Antivirus

Encryption

FIREWALL

FREE SOFTWARES

mONITORING & KEYLOGGERS

Other Security Soft

PASSWORD MANAGERS

PRIVACY

Latest News

Japanese P2P virus writer convicted, but escapes jail

Seagate Secure Self-Encrypting Laptop Hard Drives Earn NSA Qualification for National Security Syste

Supermarket loses 4.2 million credit card details

When credit cards put you in jeopardy

Symantec, Intel work on security on microchips

U.N. Internet sites hit by hackers

Study finds kids justify illegal downloads

UK MPs urge Internet firms to tackle cyber "Wild West"

Windows XP: The OS That Won't Die?

'Vista Capable' suit against Microsoft allowed to proceed

Russian malware storm brewing?

Publisher:Gregg Keizer Time:08/04/2007 News From:ComputerWorld

August 02, 2007 - Security researchers at Trend Micro Inc. have spotted a Russian server loaded with more than 400 different pieces of malware that may be poised to launch a large-scale attack through malicious Web sites hosted in Italy.

Chenghuai Lu, a senior threat analyst at the Tokyo-based antivirus vendor, recently uncovered a site with several hundred malicious programs and traced the site's server to a Russian IP address. Among the harbored malware were examples of three Trojan families: Dropper.cko, Clicker.qu and Polycrypt.g. All three clans typically hijack Internet Explorer on compromised PCs and direct users to adult Web sites.

Meanwhile, another Trend Micro researcher, senior software engineer Feike Hacquebord, discovered a large number of Italian-language Web sites that at first glance appeared to be compromised with malicious IFRAMEs, inserts in the HTML coding of a page, often JavaScript, that can hijack a PC whose browser visits the site. On second look, however, the Italian-style sites do not appear to have been hacked but instead were created with the IFRAMEs in mind. According to Trend Micro, the IFRAMES point to the malware-packed Russian site found by Lu.

"Looking at these massive samples of malware, we can't help to think that there's something brewing in Russia," said Carolyn Guevarra, a third researcher at Trend Micro, on the team's blog yesterday. "We have just seen these cybercriminals pull the 'Italian Job' recently," she added. "Are we now seeing a 'Russian Uprising' coming our way?"

Guevarra's Italian comment refers to a large-scale attack about six weeks ago that involved more than 10,000 hacked sites hosted in that country. Those attacks were guided by Mpack, a multistrike exploit tool kit that hackers had deployed on one or more servers; the compromised sites secretly directed users to an Mpack-equipped server, which then tried a number of exploits on the PC.

Trend Micro has blocked the malicious Web sites for its customers and is working to develop more information on the possible attack plot. "More details soon," Guevarra promised.

Home : Downloads : News : Links : Contact us

Software Categories

Sponsored

Latest News