
SANS ISC InfoSec Handlers Diary Blog



Malicious Content on the Web

Published: 2009-05-07
Last Updated: 2009-05-08 17:20:28 UTC
by Deborah Hale (Version: 2)

Today must be a full moon day!  We have had several reports of strange malicious content on otherwise good websites.   One of them is confirmed by Trend Micro.

The first is a fake/Trojanized Windows 7 Release Candidate (RC) build release. The Trojan is being referred to as TROJ_DROPPER.SPX. From Trend Micro's release:


"It is a self extracting executable that contains two executables: one is the original Windows 7 RC build named SETUP.EXE, and the other is CODEC.EXE. Trend Micro detects CODEC.EXE as TROJ_AGENT.NICE. When an unsuspecting user executes the Trojanized setup file, the embedded malware is also executed. As a result, malicious routines of the embedded file are exhibited on the affected system."

The full article can be found at:

threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp

The second item is a possible infection, your typical "your computer is infected, click here to scan and clean it", on the usatoday.com website. We have received more than one report of this but have not been able to confirm it. We suspect that, if it is indeed there, it is an ad somewhere on their site. Several of the handlers have tried to find the offending ad and have so far been unsuccessful. We have contacted the appropriate individuals at usatoday.com to advise them of the reports.

If any of our other readers have seen this type of activity and can tell us what page you were on and whether a link or an ad was clicked on that triggered it, we would like to hear from you so that we can pinpoint the problem and work with USAToday to get it cleaned up.

Other reports that we have received say that an adware program is being installed on computers when clicking on the link to get the free chicken coupon from Oprah's website. I have sent an email to the webmaster and have heard nothing back yet. The scary thing about the chicken coupon is that hundreds of people have downloaded this coupon. Just think of all of the computers that now have the malware installed. Again, I can't confirm this because I haven't tried to download the coupon and I haven't heard anything back from their webmaster.

If you have any information about this we would like to hear about it too.

Keywords: malware