Hi All, Researchers with online security services provider ScanSafe are warning of a potent new blended attack that seeks to steal end users' personal data and is spreading rapidly across the Web.
Mary Landesman, senior security researcher with ScanSafe, said in a brief blog post that the powerful "cocktail" of backdoor, password stealing malware and Trojan downloader attacks is being discovered on a growing number of Web sites, having tracked over 55,000 such infected URLs in only several days time since first discovering the nefarious package. The attack is being loaded onto sites via a malicious iframe, she said, infecting large numbers of otherwise legitimate URLs. The iframe itself is using an intermediary site which downloads the other threats from an assortment of other malware domains, Landesman said. It's not unusual for attackers to use such a layered distribution approach these days to thwart efforts to stop their campaigns by shutting down individual URLs that they've employed. A Google search on the intermediary site used in the blended attacks at the end of last week turned up masses of pages already owned by the sophisticated package, including www.feedzilla.com, latindiscover.com, and a number of charitable and nursing facilities, including howellcarecenter.com, sweetgrassvillagealf.com, www.foodsresourcebank.org, and morningsideassistedliving.com. According to ScanSafe, the domains involved in spreading the attack were registered only in early August and include ahthja.info, gaehh.info, htsrh.info, car741.info, game163.info, car963.info, and game158.info, with ahthja.info leading the way in terms of distribution. The involved attackers are using popular hosting providers including GoDaddy.com to register their domains, which remain online and volatile, the experts reported. Researchers have long been warning of the increasing use of such combined attacks as schemers seek new ways to distribute their work faster and more effectively. The newly discovered example appears to be particularly effective based on the fact that it has been able to find so many legitimate sites that it can load itself onto in a short period of time. End users should expect to see continued use of both the blended approach and the multi-tiered distribution model, as they continue to see increased adoption among attackers as they seek to keep their threats rolling even as researchers sniff them out -- You received this message because you are subscribed to the Google Groups "nforceit" group. To post to this group, send an email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/nforceit?hl=en-GB.
