Phony VirusTotal Website Pushes Malicious Software: Kaspersky
Investigators at Kaspersky Lab the security company have warned that a phony VirusTotal online site is spreading malware.
It may be noted that VirusTotal is one widely used facility with which computer operators can scan files using numerous anti-virus engines. A huge number of professionals as well as routine end-users use this website nearly everyday.
Typically, the fake website, which Kaspersky investigators spotted, appears identical to the original VirusTotal site and encourages visitors for executing a malicious Java applet.
This applet doesn't have a signature from an authorized certificate; therefore the fake site asks end-users to confirm after running it, albeit the impact isn't too varied as evident from the same type of assaults over the past.
The applet essentially represents an installer of Java-based Trojans, which spreads a malicious program that Kaspersky Lab has detected as Worm.MSIL.Arcdoor.ov.
Telling more about the said assault, Kaspersky stated that the worm's objective was to infect PCs and recruit them to a botnet through which Distributed Denial-of-Service (DDoS) attacks would be carried out. Also, the infected PCs would exchange messages with the command-and-control (C&C) server regarding their type, hostname, operating software version etc., the company added. Net-security.org published this on May 24, 2011.
Kaspersky stressed that normally the above kind of assaults took place via one main hub that was used for the attacker to work out hostile maneuvers with the help of Cythosia or NOise viz. names of web-software DDoS Framework. Those software programs made an extensive impact and thus raised their demand amidst hackers mainly from Germany, Kaspersky continued.
However, identifying the above online danger as proactive, the security company goes on with investigating into the offensive operations.
Eventually, exploitation of VirusTotal's brand name for disseminating malware isn't something new. During February 2010 too, according to security specialists, cyber-crooks utilized a phony VirusTotal site so they could spread 'scareware' to contaminate users' computers.
Related article: PM’s Official Web Site Targeted By Hackers
» SPAMfighter News - 03-06-2011