Trend Micro reports attack on half Mn web pages

By siliconindia   |   Friday, 16 May 2008, 01:14 IST
Bangalore: Web threat advisory Trend Micro has identified over half a million Web pages that have been hit by a Web attack. Affected websites are injected with a malware script (JS_SMALL.QT) resulting from a poor PHP Bulletin Board (aka, phpBB, a popular Internet forum software program) implementation. Upon visiting affected websites, visitors were infected with a variant of the ZLOB family (TROJ_ZLOB.CCW), which poses as a video codec installer.

A press release says that when users download the purported video codecs they are actually downloading several Trojan horse programs like TROJ_DNSCHANG.CS, TROJ_ALUREON.AE, TROJ_ALUREON.AH, and TROJ_ALUREON.AI. These types of Trojans manipulate an affected system's DNS server and Internet browser settings, thus making the system vulnerable to additional threats.

Many of the Websites have already been compromised with fake pharmaceutical and pornographic spam. It seems that the first infection occurred in February 2008. The infections appear to have been carried out in forums and guest books. The original forum and guest book pages are now inaccessible as they redirect visitors to a porn site to download the fake video codec.

According to Ivan Macalintal, Trend Micro Advanced Threats Research Manager, "This attack is similar to the Web threat attacks we are seeing worldwide: just visiting a compromised site leads to a series of redirections that causes the downloading of malware."