Kaspersky Lab Expert Jorge Mieres has revealed the details of a fake website of the popular system analyzes suspicious files Virustotal, by Hispasec company, touted to infect users through a java worm.
The infection strategies using java script technology are on the agenda and that because of his status as a “hybrid”, criminals looking to expand its coverage of attack recruiting infected computers regardless of the browser or operating system you use.
In terms of criminal activities, the techniques of Drive-by-Download by injecting malicious java script in different websites, are a combo of social engineering that requires users to increasingly sharpen the senses of “detection”.
“In the view of users, the website looks same as the original. However, hidden in the source the parameters needed to infect the system through a java applet through which discharge completely silent malware detected by Kaspersky Lab as Worm.MSIL.Arcdoor.ov,” Mieres explained in a blog post.
“The worm is developed to recruit zombies that will be part of a botnet designed primarily to perform DDoS attacks synflood, httpflood, udpflood and icmpflood. The communication focuses on a C&C that stores information obtained from the victim machine,” he revealed.
Mieres said, “Usually these attacks through a centralized hub from which the attacker manages malicious maneuvers using web applications DDoS Framework such as N0ise (used in this case), Cythosia, or NOPE. Such applications have a high impact and demand in terms of development, especially since the European zone of Germany.”
Infosec India 