Article

Discovery of malware cesspool triggers attack fears

SearchSecurity.com Staff
Security researchers at Tokyo-based antivirus vendor Trend Micro reported finding a Russian Web server hosting about 400 malicious programs, as well as several Italian Web sites linked to the server.

According to Trend Micro, the discovery could set the stage for a large-scale attack.

In a blog entry

    Requires Free Membership to View

Thursday, researchers said most of the malware on the Russian server appears to just be copies of each other, but among them were three specific groups that are typically used to display pornographic Web sites in a victim's Web browser.

Meanwhile, Trend Micro Senior Software Engineer Feike Hacquebord reported "Italian-like" Web sites containing IFRAMES that point to the Russian Web server. These sites apparently reside in a hosting facility in Germany, with registration data pointing to an email contact hosted in Russia, researchers wrote.

"Looking at these massive samples of malware, we can't help to think that there's something brewing in Russia," researchers wrote. "We have just seen these cybercriminals pull the Italian Job recently. Are we now seeing a Russian Uprising coming our way?"

Last month, a cyberattack infected thousands of Web sites, most of them Italian.

Trend said it's monitoring the current situation, and has blocked the malicious Web sites. It is also adding patterns to ward off new malware found on the Russian server.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: