SCCyberworld

Friday, May 16, 2008

There’s no such thing as free porn

Over half a million web pages attacked worldwide

Kuala Lumpur, May 14, 2008 – Trend Micro has identified over half a million Web pages that have been compromised by a Web attack. Many of the Websites, mostly forums and guest books, were compromised with fake pharmaceutical and pornographic spam.

The original forum and guest book pages redirect visitors to a porn site. There, users are lured into installing a video codec that is presented as necessary to view free porn.
Unfortunately, users expecting explicit videos will instead get a slew of Trojans detected as the following:

TROJ_DNSCHANG.CS

TROJ_ALUREON.AE

TROJ_ALUREON.AH

TROJ_ALUREON.AI


These types of Trojans are known for changing an affected system’s DNS server and Internet browser settings, thus making the system vulnerable to additional threats.
Trend Micro Advanced Threats Research Manager, Ivan Macalintal, found the malicious script JS_SMALL.QT injected into various Web sites believed to be using either a poorly implemented PHP Bulletin Board (also known as phpBB, a popular Internet forum software program) or older, exploitable versions of that program. Upon visiting affected websites, visitors are infected with a variant of the ZLOB family (TROJ_ZLOB.CCW) which poses as a video codec installer.
In the past, some of these compromised sites were found to have been riddled with “phake pharma” and porn comment spam, while others were seen to have been previously defaced by underground hackers. The malware is hosted on servers located in Columbus (OH), Concord (CA) and Moscow. This attack is potentially the work of a Russian/Ukrainian criminal gang that has initiated previous ZLOB attacks over the course of the past year.
According to Ivan Macalintal, “This attack is similar to the Web threat attacks we are seeing worldwide: just visiting a compromised site leads to a series of redirections that causes the downloading of malware.” Trend Micro Web threat protection technology already blocks possible infection by preventing access to the malicious pages.
The malware listed above is also included in the latest pattern file, offering further protection. And as always, users are advised to exercise extra caution when browsing Web sites and to ensure their security software is up to date.
For more information about this and other threats, please visit: http://blog.trendmicro.com/
For concerned users, Trend Micro has made available a new tool, Web Protection Add On, to help further protect users. To download the tool please visit: http://us.trendmicro.com/us/products/enterprise/web-protection-add-on/. Users can also scan their computers with HouseCall, Trend Micro’s free online malware scanner available from http://housecall.trendmicro.com/.
