Posts Tagged Malicious Web Site
Zeus Grabbing Kaspersky’s Digital Signatures
Posted by Mourad Ben Lakhoua in Anti-Viruses, Cybercrime, News on August 6, 2010
Trend Micro threat researchers have reported detecting several malicious web files that carry a strange digital signature which appears to be signed by antivirus company Kaspersky.
Analysis of the files and their signatures showed a clear difference between the legitimate signature and the fake one: the fake copy includes wrong hash values, and the signature has expired.
That is not all that was observed. On examination, these web files were identified as malicious ZeuS (ZBOT) variants detected as TSPY_ZBOT.BWP, TROJ_ZBOT.BYM, and TROJ_ZBOT.KJT.
This is not the first case in which criminals have used certificates to sign their web malware. In another case, the STUXNET malware was also signed with a certificate from Realtek Semiconductors Corp., which was later changed to JMicron Technology.
Trend Micro has now notified Kaspersky Lab about this incident. You can read more about Zeus here.
make sure you subscribe to my RSS feed!
Fake YouTube Pages Spreading Malware
Posted by Mourad Ben Lakhoua in Cybercrime, Internet, News, Vulnerabilities & attacks on June 10, 2010
Researchers at the eSoft Threat Prevention Team have discovered thousands of fake websites that look like YouTube. Each site contains a video that leads to the installation of a downloader Trojan with a detection rate of less than 20% according to Virus Total.
The site closely resembles YouTube and is polished enough to look legitimate and trick victims. Cybercriminals exploit users' trust in YouTube video hosting to reach as many machines as possible.
The pages contain some “Hot Video” lure, such as: Want to see a revealing video about the Gulf oil spill in Mexico or the NBA Finals?
This attracts victims, who then agree to install the malicious application, with a good chance that the antivirus does not even suspect the file.
According to the eSoft Threat Prevention Team, there are now over 135,000 such sites sprouting up all over the Web, and they can be found through the Google search engine. So do not trust websites, keep your antivirus definitions as up to date as possible, and use web filters to detect and prevent these threats.
Blackhat Europe: Fireshark – A Tool To Link the Malicious Web
Posted by Mourad Ben Lakhoua in Tools, Vulnerabilities & attacks, Web Security on April 18, 2010
Stephan Chenette has introduced a new utility for Firefox at the Black Hat Europe conference in Barcelona: a plugin called Fireshark. Fireshark is a tool, made up of a Firefox plugin and a set of postprocessing scripts, that allows you to capture web traffic from the core of your web browser, enabling you to log events and download content to disk for post-process analysis.
Over the past 12 months the number of compromised websites has increased by 225%. Inserting malicious code into a website has become a very common way to infect users' machines or redirect victims to other malicious resources. Stephan Chenette demonstrated how Fireshark can help with this problem by giving users a list of resources that require study of the website's source code.

That means that after identifying a source as suspicious using Fireshark, the user can start conducting more in-depth analysis of the website to classify and identify the vulnerability or exploit on the site.
The information gathered by this plugin is stored locally in a folder with the .yml extension, and you can download the plugin here.
Malware Scam on Microsoft Outlook Web Access
Posted by Mourad Ben Lakhoua in Internet, News on October 16, 2009
Websense recently warned of a serious attack involving the Microsoft Outlook Web Access network service.
Security experts have reported finding emails that contain links to download malicious software; they have already detected about 30,000 of these emails daily.
Here is a screen shot of the malicious message:

This is a very frequent attack and gives the hacker a high level of customization, because the page looks very credible, with the Microsoft logo and other details. Here is the screenshot of the website:

On this webpage, hackers can insert any malicious file, which can contain a Trojan for building a botnet and enable them to control the system remotely.
Screenshots sourced from the Websense Security Labs website.
Waledac Independence Day Theme – New Campaign In The Wild
Posted by Mourad Ben Lakhoua in News on July 3, 2009
Websense Security Labs™ ThreatSeeker™ Network has detected yet another new Waledac campaign theme in the wild. The new variant uses an Independence Day theme as a social engineering mechanism. The United States of America celebrates Independence Day on July 4 each year.
The malicious emails that are sent use subjects and content related to Independence Day, Fourth of July and fireworks shows.
The malicious Web sites in the current attack also have a July 4 or fireworks theme within the domain name. ThreatSeeker has been monitoring the registration of these domains. Should the user click on the video, which is designed to appear to be a YouTube video, an .exe is offered. When downloaded the .exe would install the latest Waledac variant onto the user’s machine.
And at the same time I want to take this opportunity to wish you a Happy 4th of July!
[Source: Websense Security Lab]

