/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsBANGALORE, INDIA: Trend Micro has reported that over half a million web pages are infected worldwide. The first reports of such attacks came out during February 2008.
The affected websites are injected with a malware script (JS_SMALL.QT) resulting from a poor PHP bulletin board (aka, phpBB, a popular Internet forum software program) implementation.
Upon visiting affected websites, visitors are infected with a variant of the ZLOB family (TROJ_ZLOB.CCW) which poses as a video codec installer. When users download the purported video codecs they are actually downloading several Trojan horse programs:
TROJ_DNSCHANG.CS
TROJ_ALUREON.AE
TROJ_ALUREON.AH
TROJ_ALUREON.AI
These types of Trojans are known for changing an affected system’s DNS server and Internet browser settings, thus making the system vulnerable to additional threats.
The latest version of Trend Micro web threat protection technology is capable of blocking a possible by preventing access to the malicious pages. Moreover, a new tool, web protection add on is also avalable in the market.
According to Ivan Macalintal, Trend Micro advanced threats research manager, “This attack is similar to the web threat attacks that are seen worldwide.”
The malware is hosted on servers located in Columbus (OH), Concord (CA) and Moscow. This attack is potentially the work of a Russian/Ukranian criminal gang that have initiated previous ZLOB attacks over the course of the past year.