Fresh PC-Trojan still more Dangerous; BitDefender

One fresh PC-Trojan that aims attacks against banks, currently, acts still more dangerously, as it utilizes compromised Internet sites during the process of its loading, warn researchers from BitDefender the security company.

Specifically, according to the company, soon as the compromised site is accessed, it displays one harmless-looking HTML web-page, which in reality contains Trojan.JS.QOS. There's also a message that requests the visitor to wait till the loading is complete, while one deceptive JavaScript gets concealed, which diverts the user onto yet one more destructive JavaScript.

Actually, this new JavaScript identified as Trojan.JS.Redirector.YF has been named js.js, which's saved inside a folder having an arbitrarily-produced name.

Security researchers at BitDefender state that apparently this second JavaScript is installed onto several servers, which as such support sanitized websites, possibly after a theft of File Transfer Protocol (FTP) credentials. The only objective of this script is to divert end-users through different redirects and ultimately land them on the attack site.

This attack site also an HTML page having Trojan.HTML.Downloader.Agent.NBF implants one Java applet featuring Exploit.Java.CVE-2010-0840.P, the much familiar CVE-2010-0840 vulnerability's front, with the vulnerability abused for pulling down and planting Trojan.Zbot.HTQ a Zbot sample onto the hijacked computers, BitDefender states.

Discussing further about the malware that's the last to be installed, the security company says that Zbot, another name for ZeuS, WSNPoem or ZeuSBot represents one banking Trojan that facilitates backdoor creation as also possesses server capabilities. The activities of this malware include gathering bank-related details; accessed websites' histories; login data; as also other sensitive information. Occasionally it captures the desktop's screenshots while on the hijacked system, BitDefender explains. Gmanetwork.com published this on March 10, 2012.

Disturbingly, according to BitDefender's experts, it's because of these kinds of sophisticated operations, which cause malware to increase online.

However, for avoiding getting contaminated with such malware, BitDefender urges PC-operators not to access websites that simply emerge from nowhere. Most significantly, incase an online site diverts onto a different web-location, it must be closed instantly. And finally, Web-surfers must maintain an up-to-date Java Runtime so they won't get victimized with any of the above Internet-based activities, the security company concludes.

Related article: Fark.com Files Suit against Suspected Hacker from Fox13

» SPAMfighter News - 3/17/2012