|
|
|
Malware Maelstrom Coming from Russia with Love
By: Brian Prince
2007-08-02
Article Rating: / 0
There are 0 user comments on this Network Security & Hardware story.
Security vendors note the rise of malware threats from Russia.A resurgence of malware activity in Russia has caught the eye of security vendors.
Recently, researchers at Trend Micro have found a Russian server hosting some 400 pieces of malware that may be part of a forthcoming large-scale attack, while at least one other vendor reported that the country has quickly moved back up on the list of purveyors of Web-based malware.
Paul Ferguson, network architect at Trend Micro, in Cupertino, Calif., said the company ran across the server, which had a "cornucopia of new malware," the week of July 23. During an investigation, researchers found there were Web sites with malicious iFrames proxying requests for the malware. The Web sites all had Italian-sounding names and Italian content, but actually resided in a hosting facility in Germany, he said.
An iFrame is an HTML element that makes it possible to embed another HTML document inside the main document. In this case, the iFrames are believed to have been deliberately inserted by the owners of the Web sites to snare unsuspecting visitors as part of a porn-for-pay scam, Ferguson said.
"Looking at these massive samples of malware, we cant help [but] think that theres something brewing in Russia," wrote researcher Carolyn Guevarra in a blog posting on Trend Micros Web site. "We have just seen these cyber-criminals pull the Italian Job recently."
The operation dubbed "the Italian Job" by Trend Micro researchers involved some 10,000 Web sites with malicious code that redirected visitors to a server booby-trapped with drive-by exploits. The attack used Italian Web sites more than others.
 Click here to read about a survey that shows how pervasive malware distribution has become.
Researchers at Sophos, headquartered in Abingdon, England, have also reported a rise in Web-based malware from Russia. The companys experts noted in a report about the top 10 Web and e-mail-borne threats for July 2007 that the number of malware-infected Web pages hosted by Russia has increased substantially between June and July, jumping from 3.5 to 14.7 percent.
"This can be explained by the large number of Mal/iFrame and Mal/ObfJS-infected Web pages in Russia that have been compromised to serve as drive-by sites," the report said.
The Sophos report put China at the top of the list with 49.8 percent and the United States in second place with 21.8 percent.
Malware numbers are growing rapidly, in particular adware, spyware and stealthy, targeted attacks, according to officials at McAfee, headquartered in Santa Clara, Calif. In 2000, McAfee Avert Labs counted about 50,000 unique malicious items. That jumped to 100,000 in 2003, and in August 2006, the 200,000 mark was reached. McAfee officials said they expect to see the 300,000th unique piece of malicious software, such as worms, viruses or Trojans, this week.
"This statistic underscores how the malware market has shifted from fame to fortune," said Dave Marcus, security research and communications manager for McAfee Avert Labs. "Bots, adware, spyware and other attacks make up an over $100 billion global market for cyber-crime—surpassing drug trafficking as a global issue from a monetary perspective."
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.
|
|
�������xr8(@fEw
ْ˚-*Ou��EB��!)ܳ'ˊ��O&�t%_k-�D�L$���Iȹ3%�)ٟ(O,z��IjûP�CefAU�M7�J�Զ�O7�RM3i��/���GlJ~x'A���:':B�P̨5MΚOI�}ٚS�7�d2)X�]$$��z@'A�jZw$��l,�P8$H.wH~V�h��e�}N'�J��ߣWn�spSa_ʞ0�IYTb{�Ay2�5��;n3�w2`q�|!�k`T�xpHƶk�MmWW�*cOfn
m`㥨��aP`\�9t}�^-
G�&lw��"�ScOZ$ӡ%�NfI%p/0���G@]õ]��Z.RLeCwt���Pߚ���OM2B�(�$g�>v?%��+�8Q+)K
�?�GN8CEn�O�uؾ�t�w�yH�f�j�t�˜HJ6�ԃ��P2zhN�t,`_�eY7�Ͱ-P6#MT�Z]QJr�G{Qxo9{�ؖbTzEÝ5ݛ_�+UU�q1]�H�QPw;@�VV�0��:$Owu@α�{A~�$Vj;�}�&UJD�Z-i&
0h!5f�ttz�Xw|\3awnFQn4E;J
KHs�=
(2� �,4Y{aG~6t/ޠKݓ^�;l,a�V4*2V]鮙&ȏwAs|qӻo�M:O�Y i
��fV|k!�-�v��mrG��,���.i�TW�ZxS2|%�j]}<>$7�Y�;�gËs�`םBm۲ܽ,BZKEןk�R(E34�i[��2)�?m9�X@/@שS a�4tBm4�mҌ&
�9B:�ºk�N�49�,��蟙$�m�4�@r5�XSl �ROo4| ~ަ�,-|yE�U��>hi"E[8
(J�!bN3̤"ȅ�Q.%-���Ć�>L�bO�yt!zY[5'jtamEi3_��ӲKwi�~v9㧋`Ѕ)3�G#�вnZ�s7MGVm$c*�x\?*CE*GGU, �FKP̶#ؠe)uN��~�G����mNS�}�95ż9�'4�}t>'�$>h&ƋCriYn,�r�Ӈ�wA�>�+Oݺ~L^TŞ+L�Кk��F#m�� &>u�l��8d�$(s>w[L,90(�
�Kc=�ˋ�&0����P6
��� 2/?뇾�aCnH�}�P(�V�r`{Xs9nزc@|j.�J�:�;r-Ea3�CwD�ħ��H.B$(ZȻ�"�!A�lu���[$t X�V0(쎄J9m�W*lJe swJKvn2�V�{T�Kh!+�K@fsfd(4{~6�cbB�|#'f�Xr`Y
�\d+|�i)lc
lԨ[6؛rij�>�Ѵ7;X�K���Һ:�/,$mX� IG��$%\Ew,;t�3�AP�/B1!q"��%�`|EiŬ`�9��Fx 3n6;�9�X0,cFb+H5L��ôLhD�,ioc��5�SN`cܒ~�̜07ÚL ~D�g�詅m>`T4fs)wdmrn)�K7UBsNHB/W2 \_&AB5
6d:ɤPl';oWx*:�#w�T�4�?Ռ{`MLE:a=?�%nQ?�̝S;B�ZsOs�R| ~r-[K�7˦ڏRucb$l�*�veXZ�@�*,6@1V�+,;7�kc:*+�_ii��hH*E6�@\Z3,c��%>!1Ad�a:(im7B=r�=&0_�ܰ�/%UV��fG,mk9^�a5sV@6�@��@�7h��?L �T�lVCax�Z'�Awm�<_�L�\q�ɯ��*'�l|2ː
7s��
C5,��v&�ff:�X[�������'
�+���gе�枥;ˋpp]]�˶4<~&|2^w��Cd�=��0͉V*�a0X6؋T�,a�?7;Hy���SI_(%UMH&�[�b"�ud\6˰@\�k�ʝ��Oa3<(�yR+r�!9�֘I4U�$N\���
ԕ'QQ"~lNa�Dk�5�!70�M�c���LK39>Ԧ�P�7Ϗ9(gdW%d���)>�'HV/굄�ЪZ�Z�U{}|8=e�dLQ�p� < _�Wfaqn,6G/~V�#zChp�>s.��,�|pZE��[�O`��cQ av05;���?U��J?#2ByQ�yhw\rR2
S#<�~Ɋ0
ClW��͵vX�]@�x�V�L���u�O##c�Ye:@�ݐ늦�?�K[+]W�"� V@Q�: �A\=1<
g�`QtEa&Ni/BC[�
PI-~¿rZkB�Z'@
�u�(D���qpᄙ@FSS؇dm/RkK*~e/z&�,_]hD1(dyD4D/=qbk
�lRg�}p�@l#RiC݂5�o�"uy@VI�JYhQv;+X6MONVm(}��^�L�?~W�ޖOlwa�);hi-u�Qjy.Am �/��5r?�]�M;fr/��cSX���dUM0c�3�YhSYlpg#�]Ӟu��Ŝ|{.F����O�#U�IV:Ɲcݸ]xr��ȫ"�~kPi`w��(*��Gq3`s"豥mBt�b#5�Z*l�γ>A��qHlw�_Å�QOR4H9�n�7=R�JR��HǞ1,�]�]2�Y_ޘ{4G�ʈkxG�`dY�J�hU�m{\ c�%e.N1)Q(&v}j;LʪHG٭T�S8�2�V6ZZ�aoaqVZ�F3HU5��E࣏M�#/
PNZCAw$:D|)AU�%UHU*J5�y�U��r4r�O,���ش,6"h -���z�[
ez(̖
K%�4e%3E/쎹-9BX3>&L�~;Atf?
{C {Dκ�g8�(^x_ҸGZ`>&.;��U˯��/;R&FøDo9)��P �K)�#E1>f�t߫]=+coڝNt0lga�hy# @4Qpؿ�p.�zK'5?wD{])�ް%< rDp'Bj>\�$'d�0
srm_G'�6b�7�`�xѤĢ\zF_j,8Eψa6�F4ڇ3k5'Q�֭
Bf-.�3ۿĄBAZΏx�(G��@�RPOh5[#:ys|$;3ĞCIh��!��:Ua2"(BShDO�§,=_9S�%jw E'W%'[7
u{-��:}mN џW`�
e܃�*Vzh'uzH���48|EQG$��rF�1xc�.[�im{
zsHfiR'D[3pu*hKhwCT䵴�f[UHO~D�!��6�OY=�!t�Q^CrVT�rq�]ȩh$}ݟ;V�9FH��S
p/#
�eީӊN�|m��u�ѺB���?ݑC5=ICw5�2e�ucFNj=095y@לρ(|s�9�3<3m�~��`'6"���%j�9G�qXx,>4]v�Y�<^xXN�\�D1t?$a/?�@
.̯�>���H� tD3(o�Y7۸{�.zʜ(=}!GzE>qF.Z�ҟٿ�o[Me'��
CN_۽l9niimǡ8�
��0��^|*4P$EUՊZr�"2�NI�Ja/>8zd�M�#}ݽ��Jf�y��Ӽ2hɘAd�l�7B_7n�C]hj_s����k~Ϥ�W*]c��^R��/ﲧ}VZ�tC.q�F� ^,^RRMJ>^'k��՛@" b]_B�I{O�z[6��N
Ԧ7�12�Y�6A!{��zk��=MA
F���U�h�C�l��8g
#�@�*y�d�\�[w5%pRx65�y�( h4RwV`7�lv4�W
-�~�@�k§!��qZoIIj��wl;ʷ'/G'?[�{kE�|;̕-u�\O�ךT�)�&5�!%h3�[Q@)��wc_ƥ�G/>q�h'pf�o�x? r`f[w!rtVN�U*xB��U!]X
Iݡ#l
XXN.#�6�gU�_
Hކ%�Ao��+i�;}Gէx>&A9a$`�Qxx~0]X&Jv2O2�ZfS-5�NDgX/F��ٿ$aS
B<;R�9;�)CCKdtnl0_zjC>z �鹖��G�`�7%fgt>u~Y)5Bɀ�_��Rp�Z0HE�VbF�
u
^i¡%w?FCn*�z��4;+��Y�8��nK`#,Ϙ�ZU+�;HL9v(�P6œ1ϝ��Qȃn�[3^�-$FH^�#M\`z]�*iGU3ޣ4o�RuL9JCa.�A8r+�8rrS&+K*쌢/N,VJޗ,ג}r'�MeJdG]qh#u�/*I�=ZaI`3:Kj%xN�1"yyN7��J'rLyt} )u2F�?�1a��/!h 6Ñ�L\iGTYpi(ӈ֔xJjpr?~t_tZϨ�s&[P/fdY�'PBbR��AmF|iV�yR?�n o�)r'Nl�)*5P)шs6ʞW�v��4n).�JRgc6
YH�0~�ރ9��QQXX$_�%�ndCSrq1�V~�"[o@bSr0_���Hb�iLO`ͩ�HjY�[}�oC0H�:$��C&�2�#0x-y��Eٕ
�+u
*r]�\gHP�X(!k$��`I]���Ix;���Nz}q�8���0���l%N��8,U(v;Ԛ;?UƶX~Yҕn��P�ЂΆ�]�}wݑFj9Ea���,0S�"�ַ5'L���nmz�Go>�g�=�f@pvo�97Ju^RXC�=��Bb(�I - �lm֮]Ej2ILX�!Jt9p55 놷�>Jg�j�b�PIx�ES`�L?�g��n� B|�N`K\O%K�w_�[3hإ�]�kghU�E2�RqE����M��(K怾I5�ڶ8v{'FK*,rv��_��MX5�UeW&ь7�ì�[e���i�E��k�H�&Ia4"�� V$XMQom8Q�E
xI
`B��-��E8OH�Qhws�x/F;uG�w}��y�g
%?[� =rQHs7�=mO�["
)비6_�� �}2^8m�&�SnL
nBΠ.ka�d;1!v�m[A+=V4)�
m:pXp�ʼnI{_<�@_�1+tѕ[oJY�*[_˯�Yu��=�c�~
BP2oehh6�+Nl�&8�Ǧpь�SqD'�o�re�X�m�u#��=X;k҃%>?w}Lg�;2(P_Fx_ڋK۪__wS}}ߒ`��2�lm/N�ړգYİO`K4X�ъÑBu�sTQ���Dtmq��~1[*{�&n-&�o��,>7��ʁV?P�,�D�Y+
Z�Jy]+jB߷�"|tŒ.�GO<61w_a��i7t�]k�t+��>Ѓg��3B;w�^�?�r}{ι\`{�̏ei
ͬj-%Vd]�%�F
Rd�3�} g;~� ��AG�ut G
Ki�~RJJMT�7"Y`6݊۳jM\tqM��,?z`hnֿ�|ֲ͈s�%.�.=M�_cBqnSq1E
\��Э�B9ϪͲ;IoP}wY?e=a
�'�4u?|q�BJ/Z]{NGȚZGt$bJ w��mm�B+�N.&C^�8E'��:rP�Z-u�F�/�|�T2/b3-ɤ#�@>I�11K=
o 7�pbXD��Z`Oh$�}b c2uFf!&��S��>"�p7�9�λaz������Lp@�Xȟ~[@S ��/�ŧc�L�@Nxj�.~W\Ax��#x7t\$l.cl�סu?䏃Ř
OScP�9$#>Rz}9P�J �Խ��8h�.pgj5ZU%R����H9
d�U� A_��LiI % ��a� k(E�$�+V3F$%dB1f�x�r�{a+bi�r�6_1A�@>{WLQZjm��*�!b3wħX, l�I�F�K �tQ:.�(�� o�I�[PXP؟S��e�4HM)Qw3os# x_bIT4`yn�����F�"O-x�}��5|LM閣fMQ�pV#ߛ�~p�Sg�X�ں9�P>.Wauj0�cal\_d
_T
-Q�9l_t8sM)BW�\��t9'P~�sC��9�?n.?�ZgNCz9CL2�BANg(�ٮu3>�E���"�>"�@�\��9_�^�E�^ ?唟AYNߠo9�P~S�{3 ?9s w3~}?}?��/W�W9q�r_�\��?��9�97�csG9 ?�~r�C�(+��h&��Ku3�Ay;GWpz~;29)�Z9Rȫ_�y+%iNy�sYU�~vïUX^йZ*�7ȑ*sҿw2~2A];u
CFWz�^S_xڝ떽pLڭe]�9hwq_l$�^c/UZG%/dp��V=ןbM�edG,E<�mJ5Bf�aO@{6��D��4��{HO9?|\�z["�G,q> =�P7].�6rqS0n+(�4`
�}撼e�xvY}��j�7#P/Yc�IsDgeg(A#Ѻ`�^l<-u&n\ef(/�@F�A��@ac,�F>^֪_p3�lc}4|
?�;{}>�]?tCg1o'[�*8{:S��
��?|YV&@Y8'Q�?Ѱs�3Pz:}K�H7u)X92l��H-Rie�jR�~ܓJ0lFx@Dd�1'j�UUEVr�p`�VU�r
`"�
^�x|D��emګ.��91C=b�{h8[閾P���=��~B@N- 1"e1 ͛Yʌ�M�Mu?/��{_ۉ�#�H���21�K1@e^&u1*j1f%q<`d��AX�>&=\ʠaC7a,�sv[F��|�v\3">�T�Hg�ŃI`a\m�8N͊I�8�q�0s&>H00�e��4._ƌk,W%f�]3f2�oħOn3E
hkЁu,r�
Hm7g@oN`Xkt$J7B��g��3Σ�>�̆I�W"r'0Mo�ra`O�jB|8=;z|F"6��]ݸ3CK~YxR
��Hn2*)<;:a�Ix
�fB~�.'%лx^�J��.;4m�?��,ˌx�K 41�����sY|ay��x��l���0�DѽaOV,|v�/�G�&�C[0��FK`b?94Ǟ"(ـħ�%IAa�:2�Ş�_ =6}`oP�n3!�%؉GД2�]oX�;SVF����]1�Rz3Aۻ"�^��X?(�xc�läd |ABU}�c�1*�O֝'j�:"QF�6A�}FV垓gg_7�b
Gy&�3@p�+K:s3U)֒�_�/gw�ǁ;K{K9[(�(&�]�a1Jq['}�HRä#��9"%
oPm��JO���+~K`w�
,���CR6�Lp�>�Τ�(A��>X�Z��c.,s(ŬBSd�<�)O?'[nEG\��<>a�iЄ.^p穎T�U|��J��A1Y<�&;z2\S*�C2~�lz$_Oxƪ~SQxr='=���з��57f�8[|���i�zQleVb0��yM&q?�d|E��#b[p!@�pM7*QTĻ
KQ)Yj��%x�d㜙o.9�9je Ǣ8&U]{Gmm<^�:y�l뎮�E�
�h�ym�x�;2 ��FW�c�/ʕbA<\�n2?>%�i#|��@ �(ۉnfT|Q��+@4��WzG5-E6<}܈x~{ݾŀ�
����3L˟]�lׁS#iȅxaW:�6
6�n�v�љ���ߙn3®"vyXO\�A\X3'
ȱ��b@x��=f_q�x�FN|L/�XϜ:s!}ő��YX&�7$�/kte�(n
aa��X�"�:xqeQ�� T,�ݕ0��<_�E!�$o~�V�;~v��?;Jj�zu a�
ѸT\Ɠ�t{�ΆkO�,�ۺqK'~Hы6�EKBӿt �T>U]~H�uK+_/0dF[Wy�&F�{˳̦UZ*$r09d։��&|&�Z2cˤ_�lTr(��
|
Network Security & Hardware 
