Criminals Launched Massive Hacking Attack on Websites
After Gumblar, security researchers at Trend Micro have recently detected another major incident in which a massive number of websites were hacked. Most importantly, it has raised concern to the same level as the previous one.
Successful exploitation leads to the download of further malicious files, which the security firm detects as TROJ_MEDPINCH.A and TROJ_MEDPINCH.B.
According to the security experts, TROJ_MEDPINCH.B connects to several URLs to download the information stealers TSPY_LDPINCH.CBS and SPYW_IEWATCHER, while TROJ_MEDPINCH.A facilitates the download of another information stealer, TSPY_LDPINCH.ASG, which steals users' account details.
This spyware illegally obtains user passwords, user names, and account as well as installation details of applications, namely Opera Software, Mirabilis ICQ, INETCOMM Server, Trillian, The Bat! and Total Commander.
Although the incident occurred just a few days after Gumblar, its domain makes no mention of Gumblar.
It is noteworthy that the security firm ScanSafe found that the Gumblar attack commenced in March 2009. In the attack, websites were hacked and malicious code was implanted on them. According to reports, the malware attacking the sites evolved from the "gumblar.cn" domain, a China-based domain related to Latvian and Russian IP addresses that were sending malicious code from British servers.
Finally, Trend Micro has already blocked the malicious URLs, and users are advised to patch their PCs to reduce the probability of any exploit.
» SPAMfighter News - 08-06-2009