Pro-Israeli Website Gets Koobface Captured Passwords

According to Webroot the Information Technology security company, its researchers have identified a website supporting Israeli policies as getting passwords which a social networking virus Koobface is stealing. Koobface has been into existence since over 12 months.

The virus, which utilizes the website, hosts malevolent files. Not only that, it also functions as a proxy C&C (command and control) server needed to run its botnet.

Back in May this year (2010), the name of the compromised website, migdal.org.il appeared on several online sites and blog posts that provided the series of domain names exploited for hosting malicious software. At that time the Koobface botnet started employing compromised servers for disseminating its malevolent program files.

What's more, since that month, while delivering a number of payloads onto infected PCs, the Koobface has been thrusting an information stealing Trojan as well. That Trojan is identified as migdal.org.il.ex, which sends the captured passwords collected from contaminated PCs straight in the direction of the server, migdal.org.il that's situated at a United Kingdom Internet Service Provider.

Security Company Webroot, which closely examined the Migdal malware said that it appeared as a quite classic information stealer just like Zbot or SpyEye although it seemed unique from both those widely prevalent Trojans.

Stated Senior Security Researcher Andrew Brandt at Webroot that it also appeared that Migdal was a Jewish/French association which gave aid along with resources to Israeli border guards as well as to the country's children. In addition, its (the association's) leadership criticized numerous concessions of Israel which Palestinians negotiators had solicited when the process for peace was on, he said. InfoSecurity.com published this in news on September 3, 2010.

Brandt questioned if the Koobface goons had started using political issues, alternatively simply took advantage of a favorable circumstance using a discarded website.

In the meantime, earlier Brandt had blogged that it was indeed noteworthy that those perpetrating Koobface purposely drew attention towards the specific domain name via calling the Trojan in that name. However, the actual motives of the gang were easily discernible, the researcher had added. Webroot Threat Blogs published this on September 2, 2010.

» SPAMfighter News - 9/13/2010