NOW READ THIS
("Security Advisory")



Submitted by: Bill Hickey
NCVA List Master

NRT-0274 Russian Malware Server Found:


Security researchers at Trend Micro Inc. have spotted a Russian server loaded with more than 400 different pieces of malware that may be poised to launch a large-scale attack through malicious web sites hosted in Italy. A senior threat analyst at the Tokyo-based antivirus vendor recently uncovered the site, with several hundred malicious programs, and traced the site's server to a Russian IP address. Among the harbored malware were examples of three Trojan families: Dropper.cko, Clicker.qu, and Polycrypt.g. All three clans typically hijack Internet Explorer on compromised PCs and direct users to adult web sites.

Meanwhile, another Trend Micro researcher discovered a large number of Italian-language web sites that at first glance appeared to be compromised with malicious IFRAMEs: inserts in the HTML coding of a page, often JavaScript, that can hijack a PC whose browser visits the site. On second look, however, the Italian-language sites do not appear to have been hacked but instead were created with the IFRAMEs in mind. According to Trend Micro, the IFRAMEs point to the malware-packed Russian site.

(ComputerWorld 02AUG07)



Last Modified: Tuesday, 07-Aug-2007 21:15:27 EDT