Internet threat level: 1
Home→Blog→Virus Watch→April 08 2010→Benign Feature, Malicious Use
Benign Feature, Malicious Use
Unfortunately this simple and smart proxy technique are being largely used by brazilian malware writers to redirect infected users to malicious hosts serving phishing pages of financial institutions. A .pac script URL is configured in the browser, in the field “Use automatic configuration script”:
After being infected by a Trojan banker, if a user tries to access some of the websites listed in the script, they will be redirected to a phishing domain hosted at the malicious proxy server.
A lot of the Brazilian malware is using this trick nowadays. Not only Internet Explorer users are affected, but also users of Firefox and Chrome. The malware changes the file prefs.js, inserting the malicious proxy in it:
This particular family of malware is detected and removed by our products with names such as Trojan.Bat.Proxy.
|
2010 Apr 11, 03:33
Detection of malicious .pac file requests Could it be possible for example to implement some sort of string matching for the Web AV module of Kaspersky products to proactively detect a "malicious" .pac file (as opposed to blacklisting the URL)? |
|
5 |
|
1 |
Re: Re: Detection of malicious .pac file requests
Dmitry, thank you for your reply.
It is good to know that the PDM.BSS detection is being put to good use. I have not found any documentation describing this technology, but it has usually only been triggered in my testing during "Fake-av" type infections, so it is reassuring to know that it covers other malware family behaviours too.
2010 Apr 13, 14:44
Does Kasperky detect .ZIP file logs? I am using windows vista ultima and, does Kasperky Internet Security detect ZIP.CRA.BAT file viruses? I heard about this type of virus, it steals card numbers. Heard about it from a friend of a friend who is a 'virus expert'. He said it's a new type of virus. Please reply. I'm a newbie here! =) ( I know I am posting this comment in the wrong page, I just need to know what is this virus.) |
|
0 |
Re: Does Kasperky detect .ZIP file logs?
Hi Ammar,
It is hard to say what this virus does just from the name of the file, but by the extension it suggests that this is a batch file, a script that executes commands on the machine it is being run on.
Kaspersky does not discriminate against malware and will detect all malware which is known to it..so if you have a file sample of what you think is malware and it is not detected, submit it to the viruslab using this form: http://support.kaspersky.com/virlab/helpdesk.html
|
2010 Aug 11, 12:43
Does this family affect users of Mac OS X? > This particular family of malware is detected and removed by our products with |
|
0 |
Analysis
Blog
© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.