Saturday, November 10, 2007

Indiatimes.com infecting computers

Update (13th Nov): Indiatimes.com has cleaned up the malicious code. The announcement is here

The ScanSafe Blog reports that the popular Indian website Indiatimes.com has pages that are installing malicious code on the computers of people who visit them.

From the ScanSafe Blog:

The installed malware included a cocktail of downloader and dropper Trojans, assorted other malicious binaries, and large amounts of scripts, cookies, and other non-binaries. We ran some of the binaries through VirusTotal and looks like overall detection among signature-based antivirus vendors is low. Given the nature of the downloaded files, it appears the malware may be intended to create sites used to attack others or that there may be some malicious peer-to-peer or other filesharing/communication purpose.

There is no clear indication of which pages are affected, but they say that not every page is infected. The attack relies on an unknown vulnerability in Windows. Microsoft has been asked to look into the report and has yet to react. The affected browsers have not been listed either, but IE seems likely to be affected, since binaries are being installed and ActiveX seems to be the common way to do that. Other scripts may also be at work. ScanSafe advises all users not to visit the website until Indiatimes.com announces a fix.

All this malicious activity is going unnoticed because many antivirus products have no signatures that detect the malicious code, which means that many of you have already been infected if you visited Indiatimes.com recently.
