Computer Security Global Security Mag Online anti virus spywares job offers telecom and network security

Trend Micro: Compromised Sites ‘Heath’ It Up
January 2008  by Trend Micro
No sooner had the world learned of the untimely death of actor Heath Ledger (Brokeback Mountain) than malware authors started using the late actor’s name as a social engineering ploy.

Within hours of these reports, Research Project Manager Ivan Macalintal discovered a couple of malicious URLs that turn up when users key in the search terms ‘heath’ and ‘ledger’.

This is very similar to the poisoned Google searches reported last Christmas. If a user clicks on any of the links, he is led to an SEO-riddled page.

However, the user doesn’t even get to see this, as this page automatically redirects to another site. This site requires the user to download a ‘new version of ActiveX Object.’ As expected, this is just the beginning of a series of redirections that end in the download of different malicious files (like TROJ_RENOS.LZ in one infection chain, and WORM_NUCRP.GEN in another).
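The chain described above (search result, auto-redirecting SEO page, further hops, executable download) leaves a recognizable trail in web proxy logs. The following is an added example, not part of the Trend Micro report: it rebuilds Referer chains from constructed log records and flags those that begin at a search engine and end in an executable. The host names, the log layout, the assumption that every hop carries a Referer, and the thresholds are all illustrative.

```python
from urllib.parse import urlparse

SEARCH_HOSTS = {"www.google.com", "search.yahoo.com"}  # assumption: engines to watch
EXEC_TYPES = {"application/x-msdownload", "application/octet-stream"}
MIN_HOSTS = 3  # assumption: distinct hosts crossed before the download

# Constructed proxy log: (client, url, referer, content_type). Hosts are placeholders.
SAMPLE_LOG = [
    ("10.0.0.5", "http://seo-page.example/heath-ledger.html",
     "http://www.google.com/search?q=heath+ledger", "text/html"),
    ("10.0.0.5", "http://hop1.example/in.php", "http://seo-page.example/heath-ledger.html", "text/html"),
    ("10.0.0.5", "http://hop2.example/activex.html", "http://hop1.example/in.php", "text/html"),
    ("10.0.0.5", "http://hop2.example/setup.exe", "http://hop2.example/activex.html", "application/x-msdownload"),
    ("10.0.0.9", "http://news.example/ledger.html",
     "http://www.google.com/search?q=heath+ledger", "text/html"),
    ("10.0.0.9", "http://news.example/style.css", "http://news.example/ledger.html", "text/css"),
    ("10.0.0.7", "http://vendor.example/tool.exe", "http://vendor.example/downloads.html", "application/x-msdownload"),
]

def host(url):
    return (urlparse(url).hostname or "").lower()

def trace_back(entry, by_url):
    """Follow Referer links from a request back to the first logged hop."""
    chain, seen = [entry], {entry[1]}
    while entry[2] in by_url and entry[2] not in seen:  # 'seen' guards against loops
        entry = by_url[entry[2]]
        seen.add(entry[1])
        chain.append(entry)
    return chain[::-1]

def find_suspicious_chains(log):
    """Return (client, urls) for chains that start at a search result and end in an executable."""
    alerts, by_client = [], {}
    for rec in log:
        by_client.setdefault(rec[0], {})[rec[1]] = rec
    for client, by_url in by_client.items():
        for rec in by_url.values():
            if rec[3] not in EXEC_TYPES:
                continue
            chain = trace_back(rec, by_url)
            hosts = {host(r[1]) for r in chain}
            # First hop must come from a search engine and the chain must cross several hosts.
            if host(chain[0][2]) in SEARCH_HOSTS and len(hosts) >= MIN_HOSTS:
                alerts.append((client, [r[1] for r in chain]))
    return alerts
```

A direct download from a vendor site and an ordinary search click that loads only page resources are both left unflagged by the same logic.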

There seems to be a bigger story behind this particular attack. Upon deeper analysis, researchers find reason to believe that these malicious URLs are among those resulting from the suspected hacking of Web servers of a certain Czech hosting provider. Hacked sites residing on these servers carry malicious JavaScript code (detected by Trend Micro as JS_DLOADER.DAT), which, when accessed, follows the same redirection algorithm as the Heath Ledger links above.

Piggybacking on newsworthy events is not new. A month ago, malware authors also capitalized on the assassination of Pakistan Prime Minister Benazir Bhutto. In this case, malware authors simply used news of Ledger’s death to jumpstart massive redirections, as they know many people are wont to do searches on this hot news item.

Trend Micro’s Web Threat Protection provides various defenses at different points of the infection story: our Web Filtering technology blocks access to malicious sites, and our scan engine detects the JavaScript launching the attack, and the files which this malware attempts to eventually download onto the affected system.

Communication with Czech CERT has already been initiated by our analysts to properly inform affected parties in this massive hacking incident.



copyright® 2007 S.I.M. Publicité