Suspended Site Exposed of Serving Malware

A website detected by the security firm Trend Micro reportedly serves malware containing files to the people seeking cracks to some software applications.

Joseph Pacamarra, Threat Analyst at TrendLabs, has mentioned in his blog, published by SCMAGAZINE on June 2, 2009, that the detected site is supposed to provide a wide range of cracks according to the needs of the people. But he said that when any of the files offered is downloaded, it always results into the same page.

Moreover, if a user clicks any program included in the list of allegedly pirated software, they are provided with a link, which transfers a .zip file including two files in the background; both these files being malicious Trojans. Trend Micro reported of the files as TROJ_DLOADER.ZTN. TROJ_DLOADER.ZTN facilitates the downloading of TROJ_DLOADR.AOP and TROJ_AGENT.INC that further link to URLs so as to download more number of malicious files. In fact, some other domain hosted the .zip file, which could cause further trouble.

Pacamarra further noted that if some user tries to open the domain hosting the .zip file, he will be directed to a page that states that the site has been suspended as it has broken the service terms and conditions. Directly linking to file, overlooking the asserted suspension, makes sure that any file on the website may be downloaded successfully.

Pacamarra reported that suspension may not essentially and effectively prevent cyber crooks from making use of the website's directory in the form of a malware warehouse for triggering various other assaults. Criminals might only be using it as a guise to conceal the real aim of the website.

Meanwhile, security experts noted that exploiting software crack site to trigger malware attacks is not a new thing. malware authors and distributors have often made the use of this unique tactic to implant malware on the computers of unsuspecting users when they log on to the websites of legitimate or suspended security firms.

Thus, the need of the hour is that the netizens should increase their awareness level and reach to that position where they could easily decide which site or directory they should visit and from which they should remain far off.

» SPAMfighter News - 6/6/2009