|
|
|
Malware Maelstrom Coming from Russia with Love
By: Brian Prince
2007-08-02
Article Rating: / 0
There are 0 user comments on this Network Security & Hardware story.
Security vendors note the rise of malware threats from Russia.A resurgence of malware activity in Russia has caught the eye of security vendors.
Recently, researchers at Trend Micro have found a Russian server hosting some 400 pieces of malware that may be part of a forthcoming large-scale attack, while at least one other vendor reported that the country has quickly moved back up on the list of purveyors of Web-based malware.
Paul Ferguson, network architect at Trend Micro, in Cupertino, Calif., said the company ran across the server, which had a "cornucopia of new malware," the week of July 23. During an investigation, researchers found there were Web sites with malicious iFrames proxying requests for the malware. The Web sites all had Italian-sounding names and Italian content, but actually resided in a hosting facility in Germany, he said.
An iFrame is an HTML element that makes it possible to embed another HTML document inside the main document. In this case, the iFrames are believed to have been deliberately inserted by the owners of the Web sites to snare unsuspecting visitors as part of a porn-for-pay scam, Ferguson said.
"Looking at these massive samples of malware, we cant help [but] think that theres something brewing in Russia," wrote researcher Carolyn Guevarra in a blog posting on Trend Micros Web site. "We have just seen these cyber-criminals pull the Italian Job recently."
The operation dubbed "the Italian Job" by Trend Micro researchers involved some 10,000 Web sites with malicious code that redirected visitors to a server booby-trapped with drive-by exploits. The attack used Italian Web sites more than others.
 Click here to read about a survey that shows how pervasive malware distribution has become.
Researchers at Sophos, headquartered in Abingdon, England, have also reported a rise in Web-based malware from Russia. The companys experts noted in a report about the top 10 Web and e-mail-borne threats for July 2007 that the number of malware-infected Web pages hosted by Russia has increased substantially between June and July, jumping from 3.5 to 14.7 percent.
"This can be explained by the large number of Mal/iFrame and Mal/ObfJS-infected Web pages in Russia that have been compromised to serve as drive-by sites," the report said.
The Sophos report put China at the top of the list with 49.8 percent and the United States in second place with 21.8 percent.
Malware numbers are growing rapidly, in particular adware, spyware and stealthy, targeted attacks, according to officials at McAfee, headquartered in Santa Clara, Calif. In 2000, McAfee Avert Labs counted about 50,000 unique malicious items. That jumped to 100,000 in 2003, and in August 2006, the 200,000 mark was reached. McAfee officials said they expect to see the 300,000th unique piece of malicious software, such as worms, viruses or Trojans, this week.
"This statistic underscores how the malware market has shifted from fame to fortune," said Dave Marcus, security research and communications manager for McAfee Avert Labs. "Bots, adware, spyware and other attacks make up an over $100 billion global market for cyber-crime—surpassing drug trafficking as a global issue from a monetary perspective."
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.
|
|
�������xr80�VӮc�]mT!rYST婎PP$$M�{%Ο�� 7](ɗ%H �D"λ$i9cr3ݩk��j.�?�!�[f8i�TE[�]ߤ~�Am;t� =4mFNHB��}@~sfw��K�`OS;SM�uɄZIК�ؕ>}~qlv�.hvLIlG�t�uGѦ�%H�x�u)t�(D�HږyHm:^�N(�T|^�aNé-}!*{�> e%S5E�hDԤ#|/0�ɀYǝ�F�z.Qu^V��ڮq�4]�^Nૌ=Q5hw��/E�@^���cBȡ[Boi�=7dc7.���{$�͑�w2K*-a{е�w8r�
�08juj=nfO-�n@w�(\'p}j� F1 9�, \�ZIa^_y�
yN
�=:t^䖡�_ֽyo@סn}w�do&a-vQKw TmO |lM=P�>I
Cu"ħF�r ˺Y4�hm�Ea�jj�T+W^T/[��,\hF}RU5MQ/z� �?
n0u�h;\AJ�y]J>�Eess�^_�wD_j�0QEVKi�/�ZH���?.gN{���] x�[�n/4E;J
KHs�=
(2���,#�uG�Ҿ췯;6鷏ώ;Sd̲1<�ZMӀ��Z�vd�!?Y�
ӓkIGNs!+|qg>!5M0\̱¬:֪V�1?o!aj;� d�Pp9L+pz/�?t_d�BOGcRdt,'�9�0N`mYn_�H!-T,>Jaf��k��$LJo$SNE ;-�u���%ͪ5A\�[PĿ�"G/D]7kDm.-�s5ͷwf�cZVp�3n[O�һ^>a$шf9",$��M}sQU�1|J�,�PQWߢ*��r%(NLf[ԑplPòǔIG�z=A��A�ӧEz|JMk6m�uI=D�C#ɠ�:ڴ{\gV���4!>�&-Ѐ
'pGbd.��x:� C
�04��m�LH#wM۠h&r�kI�7.[A0?�� ;
O`p]�&;�xk
=�`DyKwCP�b�L{��TM`�@#@X���C��
����k
6G\[-[�Z6x�O͙A }�(~9-R��;C1��"# E�EK�y3@� $h�-4`��z.��=�
��|?#!bRN[
'9Rt{B#��RyMfJ9cb -d[b�}I�lΌ�eV&vφa,[Lbo��7�]�,�Sl3-M�us֪%6��ʋzhNC&ǽ3yjm��S#�U^?_)h�X�L9|�p��p�]?��n;N %=&*��,Â�Ik̦US9}L{"z
[��I3�7��?�`b##>Xl~te��ٌi8xw�>`|�=-0Xհݙ2r|>�I4�5+8dp7 �P�ܼ?
b>ȝ 8#��_gM,������Y�h(b'pCxʸ*2$,T4��pt�r�K�ݼ~h��";hqNNSНB#D9z�Q=/O꽥ZЬ+�o�H_ƠR�.�\[K�Ҟ� K
�r�W
0p��ZZE"b Ej7�{\Z2,c
l,>4AdN/a:*)6&�v;p�=F�5�n�&�?&TYV0>2ei[FohCMۯrv'`ܲ��K���(�)em�*dʫ�?v= �kQDz{fl>q�G�lc�p6xBJmH�כAB�
cOЭ,��h�ZW%S=#�kQA�a ��ŵa�a�{�61rt^XԳtg~a?_XTNۋkʮtْүhOvp��u�*>�1f&6X#˦�z`ُ�IAʫ�U�f z6V&L~�5<2eX]P�L,`_#|ʠ::7�I���N#�1hh
05�-�tpCUjʾ_ٳI�zoB6ELt0ȐNǝ�Wlȡ0tR\AO�q�?:(TZ�7cm{H^ac7U�[@oRF)�'�[WNj&h6>3}&mnj^D[uc`�ᘻ,OqG{SK)~9XD4W
'�at/ V$8У4�I�oQcM9W�^&�Ԧ>/�*騫VIe2&0�ʇF5��;
[W�*)<�l:�+����z�ďtv'@d�C-sZ#�dK�0=sK��\7�a0^QjQʠkIurb*kZQR<*�잔n,��:
ĕ,6" ���l[
ezפ_+�Gs;"Jgԋb��r{q>'F{�4�l�xG��cWՄθ
4;fGXd;γ�ڴi�D@kXJ7eVV5XI0iuI+KZ����=2aӣ�U}/*\$�Iv3ҿ��BGD�o0|�����)xT-kZ��b[Ԫ�w�>"�i�!`�\?=bEO�p?n ]�^*~
t9#��2@BZNb.xœo
-"Ԅ6xtLa�V*���7xoA!RēC�cI`���GUI��8x�ᯕJUʼ f@<8&ov/>B�05@ EE@D�j?%
?���/Ѝ ?�FPX1"NKŻR�;?tNg�me_:m]tο� �=~?Н :u�o�&Cr|8���z{B��Y�Թ~~<:��m~1���LAIP
��4�#7=$Y�COճ2urҹ ]:�y��p0Z�<�!hTw/�Υq{��e[J:^[�r��܃Z��,=
YF#B�[ȧ���Ak3d4) �3uX#�axK#&WDH[�(`�I3�\E]s>\zF_j,r9Eψa�J4Z��_Β#s�}e�YLoH:�ϣ��g֢Ѭ]}+
ɏ�h� #:��3e�!�Z� &
2�_,�wг�5^w�Z{�Er@gF�q?Imظ�N*rb��,_�@ݞneټܱ�r0�jw{操�~;Oj9vЛ�Sq�Ƅ��`sBk;G�Q��r0&x&�4�l�Ewy'("K(\�?8Jn,sL�㻞�a��+1q)yp]Qz AC~g}\0n;z{w6�|Of0�7+�'ivݷ;sܶ]'k���@" bY_B�IKwvzYV��N
ئ7=12�~�O� O=q�Զفǣǎ��X�
�*�4lo
azS`[ʅ=RH3�a
d<�Jփ�6˶˷Fp7�N
Ϧf_ O��%�FJ
,-Q`mZ،�9!/�h�vpm�U4b�Zy"N0�R�o��1֢ �I�Mi|o(o&xk5�)
kN7&/6o)�.��i{\nEa�>�xQx7e\ڊ�]�aKn~�'Vv/w�N-�ViuǏo�.Ggn\-]N�Q�҆�[�?<*�נe"];\`|Vu�}P/ki[00-�XIS q)<
>1I�)�/�ErO#29U"y}2�j)��p":ò�5�ȥ,��'��w��ڱE�ӡ�:;��FCKlP|Y`6}<굂�X�k;ZN:+��0? 7GkvVS痟a�1e�0KCj��w�Z���haK�X@�=I9MX4�0`Ue"Xcj'fo6�SLG|8�d(۾,.��3G�A�LVv({P6Iœ1)��Q�ȃҹ�3^껋-$FH^�ښ&.01/�s�pkg:&�%0��v�Gl+N45vT;ʒ!;�n3˵d\HSi%*v�oWH]�JCye�bVSk$7p$FzI$f/iE�7F>/O&<"��YHD(3?eR?eXi@5�x�=9'+ >���0qsIFReiùL#ZS*}j>r|2 �n�[4�oOg=P�%2`@ KA_���}uQ+5%ϓp�y#H�?b[HQ1T= LFz��،�gi/t&ᆒ~lH!�I��Ə ]{0�X�"*
�D�+D�ލthJt:1?/_`wY$n
GURʒV~>T3Ӈ]lj[�|:'R/:�юI�̿)1zTV�I-ku�bNM+Uno.f漣tE}v�'_/[j�����L~j�
�����@�8i�H�q-|#5h�%| (�rG[Rof�D�S�bQ>u1k���Fjjd�xj�fuol8�����y0'X@:lbd+F�*�Q`E�d�Us�TUZpTk/϶�q����S^/d�s$��70�N�U���:�{EEEEUV]t$ߧ7;I� 8gDaM� �a5ā|"�r+1j*a]��;:fPҥ>^_ןPH����S�#h@�,�"�u�0p`D�#k_> �-B�*}mV6k]XcG�*&� `6�B�#�b�ɏ�=��Mqmn�b��z}WCjc�4!g�U{(G#<�*') ��@lG"{�b<"'V|Z�-Ѝ!)ka\Ѓ ���u٫yB�C$çWN��
Mgl ��+n�l KV��2��HD@"�����%۾1~
)"*<��*sE /SyǀН�;�_JGy��*�Z�(;v1�p�IK�6�GZs�RνIS7�=mO-["�)ۻ6_�� =u<9-�&�SL
oBΠ6k?0_�XLHj�~6��b+@M����6|�[`8,O8ċO{�� {E[][˯�}:uBꭷy,��{C˭Ojp,ĉu��={c�~BP2o2@44+IY'VdbZIHg�cS8OvhƊ8eYXZƓ@旅F2R
,�ᶂȺ�y�͝5�.&3h
Νko�(jp~v/2/Em/ܯ;oIrg��6_˶'�If,b']�X,hAL�Hm~�9(w
\�j�c"�8
e??�%~Ge���{�~�Y�{ʞVS�,�rE�Y+
Z~�1�Fy�Qw�Ƕ,Gv0�cK[,zՠ�p=AYê)"(lsh�F��<6,ܠ�A\ۦǝ�B7�5Ns�nFJ�({ô�RcW�F�%3z�J�0[~AX�^q-P3&I"a�~6#uT_6&^�� �B(8#�3VG�B�A8A�XJ�o,"%vEaW(`8wQ%�Ϥ@FpxI�z/js�h*b4KB�-')�}L1M%���`sZk�^g�YJ+Șz~b=! cTAN^es[��ɧ��j*�, �iT��-�&>Zb�vms�!��y�m�_z^3!�am�Rn&*kx�zJ2Kovw�O�%٫�50�ںs��{rCjLx2WE�8ee�R�cYFycqO;H��A&{�Э�9bIә#'�0ډ�J J���?3RmF�Ν�z_ayZܾ\`{�̏ei
ͬͱj-%Fd�9�F
Rx�3�}$g;� ���@$=�/Hk�oD�~x#nϪ5q5�Tbtb
bZ&F&#Zi+8:4F| E�+c� %�)rUewޠ~z�*ޟO�i~f�n�Z]}{N5dM-ãks�|U:�k|%w�۶6
{D`DQ> XPp���MI٫T~ Nч����̋(LKt4*:7P�>m;A=~%yLLRO����f\�NL�_s�_�߰�,VI�m{d7�2[�$}̐?,DWc
`�xG$!�f꜓M{a/zQ*,Y|::f��G&OwE)�d�0wCE2&.V�{�ZC8
ްn?ňo8f+H�jIC9�1�˞0�Iݹa?Ð�3�{�U�Z"�aZ1ш�@Q->s?��uǤ')�45aBx$l��d
�D�ps}ve�jۈ��(���oXaL~EU;my^G"+6:�n犉1JOs\-"@e=D�q��E�<
W tQR�]N*�@���`g*���
s�n
Q&@Ԕ�u767p>9�/F٘DeJÉ��� :la`t��.t?�Oðq?]_��GAVI�pRt=��:r�tԨ)ʞ�*|{�C�`�g��c�R[7��ei�E^^?&).yci�� 8�^yN4_Z �oX2�2�f���{x���bRWkJ%z�u���3ʰ�LX|�{kwy���fU3{8~\OSz%
%uW0`A i�2bg4t\A%@�0>6#&Dwn�uuuvI^ۤw|ݹw}R֒E�_gn՝ɗes/4O-�fbv>4mKLJrY:2 6Sf�r?�sm.4�EqɃw�g;飱8?�/ı;�~|��JW6r�o&Ll+�7=vS+yk!?{Չt.4
5N�{0.8���SL^}'v�ԼVxu�xS�?
_C�&$)By7�9�hp)?@�|OPiuY<.�r_'\C;9+4?rʿ@�<�>v͋�/r��y�9�\��"?/?/r�e2�P9�r�)r�˜�̑K�˜B9.n~�+S�:z/���_?�}P9�g�@M^9M�@79�_zy�[9rֺ
۩�QNyr�i;GLwe<ߔ[nNJ>s\ȜHdZc+mF�D�gc:HD1�K�AB0_w9�ݧ,O5;H_ê�xĿ+N©���ݞރ�}��n��7��fZ�n�@�x�`
~iMog.ɛGp~k;Okw�җ� |3/߆z�H':+;�������di3q*K�7ýEy�2�78�0׀�C�d1�-0�VqF`�^u=
�!�:i>cP4l�KeB�ghX`$�"79<�R9Gq`�F]S[tC=o�[s�qgc�us`��4H
jYj
~ZV-�#\#a،p=b�O$&4v�XW5rF(x�e��h�[i2�oVS�y�Vi8�n[�C Dk(�� �}:`l*V,6of.3^4��6T<�gU~ o'2Pd �S��eb�b;ˈLbTlJx �/Kqg
�ރ�|L:AÆ߄՞�ٕv"n�,2w)�z6se��P4ǭa&r��2@���Mz4��z<(X?�?g��b�+S�{t�Ldp!gB͛Kl�^@e�D�˪U抄B`
�j?=[n%c�$QUy��Hr�bX��{o���#�+f>t��^���`ˋiB0S�t"-���&s���85+&-c� mtR� -HZ}�v8b�3\��Iv͘Z#m�> �Or*㣍A�ֽ��T#iZc7"9ݜ�ţ2aс(Y�c{XmD8k9t}�y
�ůD|݆mwf❛,<���Ï �CqzvwұDe��qg ��"�d`QSyvt.�+00ƚ �?L:D@z_L&)_�\vRix�F26�q/�.?Ahbv]"6
�R�Ň%13{`y����l��0�DѽaV,|v�/�G�&l��`���C~rh`=E(Q�O�V@>FՋpaHz�BGa|�5��J(KESXn�傾]#rF33/��1#qyY�� ЙW8��T"�zGmÜ�z)JJ)@bފRΥJU�^�m
}c"1b9?���"ㅰx!�ZQy�|XT��,sD�<�>K:S3U)֜��/gз��d쥽%�}Yq ��v.}�xF{%$}�HRݤO[=$sDJrE�)ߠ(b/<%���*W�.�X&"�>m�<'6}Fu;HxQ:��|0�j;;�1�Te]XQYɶ��y
S�O~n]�O(#o݂�k\�+<>c�iЄ.^p멎T�U|��J��A1YKrX}P?)�:�OOg�sZ�4��H�ʶ�!�_�,c��0У,20�^{s�hنG��kX�Ǹ[�[*�Iy>p <Щ0�\bX%e�ܔ�UF.��Ѩi�pKN \50(g|Ntu��{B7V�*
�܋;ξ�V�^f#9u��Rd�GB^#L�nH2m-�^2?g'
Q\�F$�30(�y�
l�+���m5'0X�1+ (���RGQf7}Oa�N*)As�a#Dl���[ApN7�\2�9Lg�#3E~1㡺_V~\ʙkcPKҽA5F�E�lT$bB=�AH>aH�b�V\3z7Z�О3q7C'
Cg�a+cPMYjcL1G�<,@}�փP��
=`#hxb
"���nh1)�d'k%I���'�R!la,�!r3 �Ej F.�t3��R04xq�BQ��əȩ8v�}_|J�Ѭd�;���̀/�Q>q&g\�ƕEy�@Xqө8Y5_��c�~��<^E��$oꎾ�V�;~v��?;Lj: a�
ѸT\Ɠ�ߴ;��K�,�mݸG�.OE�e鑢%!^ �T>Us!"^ֳ��
6A|>Ðy6��x�L�
g
UjT;IxdMn+:cSEᘸe=WFs(�1{l~
�)CUs̥D5^JC\rKl�TʩI�7v6̈́
В��]&ŮM�v�bes�Q�(��
|
Network Security & Hardware 
