Russian Web Server With 400 MalwareSecurity researchers working on a study at Trend Micro, the anti-virus firm, have found a Web server in Russia currently hosting nearly 400 malware, and a number of Italian Websites connected to the malicious server. The discovery is capable of setting off a massive attack. Chenghuai Lu, Trend Micro's senior threat analyst, has unfolded a website holding hundreds of malicious programs. Lu has determined the IP address of the server hosting the site to Russia, reported ComputerWorldUK on August 3, 2007. Among these malware, there were variants of some Trojan families viz., Polycrypt.g, Clicker.qu, and Dropper.cko. These are designed to capture the Internet Explorer browser on hacked computers and then take surfers to pornographic websites. In the meantime, Feike Hacquebord, Trend Micro's senior software engineer, said that Websites, which appear to look like Italian sites, contain iFrames that is used to insert JavaScript in the HTML coding of a Web page to compromise a computer whose browser connects to the malicious site and from there to the Russian Web server. These websites seem to rest in a German hosting facility with registration information linking to an e-mail address of Russian origin, reported ComputerWorldUK on August 3, 2007. These huge malware specimens leads one to believe that something hot is boiling in Russia, stated Carolyn Guevarra, researcher, Trend Micro. Pocket-lint published Guevarra's statement on August 3, 2007. There has been a recent instance of cyber criminals launching the 'Italian Job' assault, Guevarra added. According to Trend Micro researchers, while the greater number of malware the Russian server hosts seem to be duplicates of each other, there are three groups that lead to adult Websites on a victim's browser. The company has also found some Web pages in Italian language that have malicious code. These too seem to connect to the Russian server. In July 2007, said Trend Micro, a Web attack infected Websites (numbering in thousands). The sites were mostly Italian. The company was monitoring the recent situation and has turned off the malware-laden websites. It has also taken steps to prevent any new malware from the Russian server. Related article: Russian Hackers Break into NOAA to Push Pills » SPAMfighter News - 8/16/2007 |    |
Dear Reader
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!
 |  |
