HAURI Security Column

Appearance of fake virus analysis service website -- 06/27/11

Written by HAURI Virus Lab.

Recently, there were reports that a fake website impersonating the legitimate VirusTotal website was distributing malicious code. According to our analysis, the fake website used a Java applet to download other malicious code.


[PIC 1] Fake website

The fake website used the same title information as the legitimate VirusTotal website.


[PIC 2] Some part of source code of fake website

The following image shows the Java applet that downloads other malicious code.


[PIC 3] Java Applet that downloads other malicious code

The malicious code downloaded by the Java applet contains botnet- and DDoS-related information, as shown below.



mode : DDoS attack type
&botver : Malicious code version
&pcname : Infected PC name
&winver : OS version


[PIC 4] Botnet related information

Four different DDoS attack types can be used: synflood, httpflood, udpflood, and icmpflood.


[PIC 5] Botnet command information in the malicious code
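The field names and attack types listed above can be turned into a simple hunt over web proxy logs. The following is an added example, not code from HAURI or from the malware: it assumes the fields travel in an HTTP query string, and the log layout, host names, paths and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Field names and attack types exactly as listed in the advisory.
BOT_FIELDS = {"mode", "botver", "pcname", "winver"}
ATTACK_TYPES = {"synflood", "httpflood", "udpflood", "icmpflood"}

# Assumed (constructed) log layout: "<timestamp> <client-ip> <method> <url>"
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(GET|POST)\s+(\S+)$")

# Constructed sample lines; hosts and paths are placeholders.
SAMPLE_LOG = """\
2011-06-27T10:00:01 10.0.0.5 GET http://www.example.test/index.html?mode=view&id=7
2011-06-27T10:00:09 10.0.0.8 GET http://c2.example.test/gate.php?mode=httpflood&botver=1.0&pcname=DESK-01&winver=XP
2011-06-27T10:01:30 10.0.0.8 GET http://c2.example.test/gate.php?MODE=idle&BotVer=1.0&pcname=&winver=XP
2011-06-27T10:02:00 10.0.0.9 GET http://shop.example.test/cart?winver=7
"""

def inspect_line(line, min_fields=3):
    """Return a finding dict if the request carries the bot fields, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, client, _method, url = m.groups()
    parts = urlsplit(url)
    # keep_blank_values: an empty "pcname=" still counts as the field being present.
    raw = parse_qs(parts.query, keep_blank_values=True)
    params = {k.lower(): v for k, v in raw.items()}  # match names case-insensitively
    hits = set(params) & BOT_FIELDS
    # One matching name ("mode", "winver") is common on benign sites; require several.
    if len(hits) < min_fields:
        return None
    mode = params.get("mode", [""])[0].lower()
    return {
        "time": ts,
        "client": client,
        "host": parts.hostname,
        "fields": sorted(hits),
        "attack_type": mode if mode in ATTACK_TYPES else None,
    }

def scan(log_text):
    """Inspect every log line and return the list of findings."""
    return [f for f in map(inspect_line, log_text.splitlines()) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding identifies the internal client to investigate; a non-empty `attack_type` means the request also named one of the four flood types.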

To guard against this kind of security issue, users should make a habit of always checking that a URL is legitimate and safe before using the site.

[ViRobot Detection Name]

HTML.S.Downloader.17707
HTML.S.MalScript.424
Worm.Win32.Arcdoor.104960
