I got Spam?!

A security firm called Finjan has discovered over 10,000 websites infected by a toolkit called "random js toolkit". The kit stores the IP addresses of web crawlers sent by anti-virus tools and security firms to examine web pages and when it detects one it serves up legit content to fool the crawler. According to Finjan researchers, a server belonging to an advertising company serving banner ads to over 14,000 sites was also hacked. Anyone visiting a site with one of these malicious banner ads is at risk of being infected themselves. To avoid being blacklisted, the kit serves up random URLs and even its exploits are dynamic and designed to change based on patches and vulnerabilities found on the victim's computer. This sharply increases the chances of being infected.The malware stores login and password details on a server in Spain, leading the researchers to believe a single gang of cyber criminals is behind the attacks. You can read Finjan's full report here.

• University of Liverpool Selects GFI MailSecurity
• Security Software Industry Takes First Steps Towards Forming Anti-Malware Testing Standards Organization
• End Of Year Security Wrap Up for 2007
• Spammers top 10 report: US Leading the Axis of Evil!
• Using Throttling and Traffic Shaping to Fight Spam
• SPAM, Viruses and the Blacklisting of Exchange Servers
• Spammers Use Lunar Eclipse to Deliver Malware
• Japanese Spammer Accused of Sending Over 2 Million Spams
• Phishing Sites Now Using the Storm Worm Botnet
• New Phishing Attack Masquerades as Government Alert
• GFI Adds Support for January 2008 Microsoft Security Updates
• Botnet Source Code For Overachievers
• Judge Orders End to Weight Loss Spam Organization

Filed under: Malware Tags: by admin Date 17 January, 2008