Trend Micro Reports Attack on Over Half a Million Web Pages Worldwide
May 14th, 2008
[New Delhi, May 14, 2008] – Trend Micro has identified over half a million Web pages that have been compromised by a Web attack. Affected websites are injected with a malware script (JS_SMALL.QT) resulting from a poor PHP Bulletin Board (aka, phpBB, a popular Internet forum software program) implementation. Upon visiting affected websites, visitors are infected with a variant of the ZLOB family (TROJ_ZLOB.CCW) which poses as a video codec installer. When users download the purported video codecs they are actually downloading several Trojan horse programs:
* TROJ_DNSCHANG.CS
* TROJ_ALUREON.AE
* TROJ_ALUREON.AH
* TROJ_ALUREON.AI
These types of Trojans are known for changing an affected system’s DNS server and Internet browser settings, thus making the system vulnerable to additional threats.
Many of the Websites have already been compromised with fake pharmaceutical and pornographic spam. It appears that the first infection occurred in February 2008. The infections appear to have been carried out in forums and guest books. The original forum and guest book pages are now inaccessible as they redirect visitors to a porn site to download the fake video codec.
According to Ivan Macalintal, Trend Micro Advanced Threats Research Manager, “This attack is similar to the Web threat attacks we are seeing worldwide: just visiting a compromised site leads to a series of redirections that causes the downloading of malware.”
The malware is hosted on servers located in Columbus (OH), Concord (CA) and Moscow. This attack is potentially the work of a Russian/Ukrainian criminal gang that has initiated previous ZLOB attacks over the course of the past year.
Trend Micro Web threat protection technology already blocks possible infection by preventing access to the malicious pages. The malware listed above is also included in the latest pattern file, offering further protection.
For more information about this and other threats, please visit: http://blog.trendmicro.com
For concerned users, Trend Micro has made available a new tool, Web Protection Add On, to help further protect users. To download the tool, please visit: http://us.trendmicro.com/us/products/enterprise/web-protection-add-on/. Users can also scan their computers with HouseCall, Trend Micro’s free online malware scanner available from http://housecall.trendmicro.com.
For further information please contact:
Media Contact:
Trend Micro,
Connie Kou, Regional PR & Marcom Manager, APAC, connie_kou {at} trend.com(.)tw, +886-2-2378 9666 ext. 1629
Edelman Singapore/Hong Kong/India /Malaysia/Australia
TBD
About Trend Micro:
Trend Micro Incorporated, a global leader in Internet content security, focuses on securing the exchange of digital information for businesses and consumers. A pioneer and industry vanguard, Trend Micro is advancing integrated threat management technology to protect operational continuity, personal information, and property from malware, spam, data leaks and the newest Web threats. Its flexible solutions, available in multiple form factors, are supported 24/7 by threat intelligence experts around the globe. A transnational company, with headquarters in Tokyo, Trend Micro’s trusted security solutions are sold through its business partners worldwide.
http://apac.trendmicro.com
