Huge Russian malware attack imminent
Dangerous server holds 400 pieces of malware.
By Gregg Keizer, Computerworld (US online) | Computerworld UK | Published: 11:00, 03 August 2007
Trend Micro says a large-scale security attack could be about to launch on the web after its researchers spotted a Russian server loaded with more than 400 different pieces of malware.
Chenghuai Lu, a senior threat analyst at Trend Micro, has uncovered a site with several hundred malicious programs and traced the site's server to a Russian IP address. Among the harboured malware were examples of three Trojan families: Dropper.cko, Clicker.qu and Polycrypt.g. All three clans typically hijack Internet Explorer on compromised PCs and direct users to adult websites.
Related Articles on Techworld
"Looking at these massive samples of malware, we can't help to think that there's something brewing in Russia," said Carolyn Guevarra, yet another researcher, on the Trend's team blog. "We have just seen these cybercriminals pull the 'Italian Job' recently," she added. "Are we now seeing a 'Russian Uprising' coming our way?"
Guevarra's Italian comment refers to a large-scale attack about six weeks ago that involved more than 10,000 hacked sites hosted in that country. Those attacks were guided by Mpack, a multistrike exploit tool kit that hackers had deployed on one or more servers; the compromised sites secretly directed users to an Mpack-equipped server, which then tried a number of exploits on the PC.
Trend Micro has blocked the malicious websites for its customers and is working to develop more information on the possible attack plot. "More details soon," Guevarra promised.