Appearance of fake virus analysis service website
06/27/11
Written by HAURI Virus Lab.
Recently, there were reports that a fake website impersonating the legitimate VirusTotal website was distributing malicious code. According to our analysis, the fake website downloaded additional malicious code by means of a Java applet.
[PIC 1] Fake website
The fake website used the same title information as the legitimate VirusTotal website.
[PIC 2] Some part of source code of fake website
The following image shows the Java applet used to download other malicious code.
[PIC 3] Java Applet that downloads other malicious code
The malicious code downloaded by the Java applet contains botnet- and DDoS-related information, as shown below.
mode : DDoS attack type
&botver : Malicious code version
&pcname : Infected PC name
&winver : OS version
[PIC 4] Botnet related information
For DDoS attacks, four different attack types can be used: synflood, httpflood, udpflood, and icmpflood.
[PIC 5] Botnet command information in the malicious code
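The field names and attack-type names listed above can serve as a network detection pattern. The following is an added example, not code from HAURI or from the malware: it scans proxy log lines for requests whose query string carries several of those fields together. The log format, the host names, the match threshold, and the assumptions that the fields travel in a URL query string and that "mode" carries an attack-type name are all constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Field names listed in the advisory (the leading "&" is the separator).
BEACON_PARAMS = {"mode", "botver", "pcname", "winver"}
# DDoS attack-type names listed in the advisory.
ATTACK_TYPES = {"synflood", "httpflood", "udpflood", "icmpflood"}

# Constructed sample proxy log: "<client-ip> <method> <url>" (assumed format).
SAMPLE_LOG = """\
10.0.0.5 GET http://c2.example.invalid/gate.php?mode=httpflood&botver=1.0&pcname=DESK-01&winver=XP
10.0.0.7 GET http://www.example.com/search?q=winver+command&mode=dark
10.0.0.9 POST http://c2.example.invalid/gate.php?MODE=idle&BotVer=1.0&PCName=LAB-02&WinVer=7
10.0.0.11 GET http://shop.example.com/item?id=42
malformed line
"""


def score_url(url):
    """Return (matched field names, attack type or None) for one URL."""
    query = urlsplit(url).query
    # Keep empty values and lower-case the names so case changes do not evade the match.
    params = {k.lower(): v for k, v in parse_qs(query, keep_blank_values=True).items()}
    matched = BEACON_PARAMS.intersection(params)
    modes = [m.lower() for m in params.get("mode", [])]
    # Assumption: the "mode" value is one of the attack-type names.
    attack = next((m for m in modes if m in ATTACK_TYPES), None)
    return matched, attack


def find_beacons(log_text, min_params=3):
    """Flag log lines whose query string carries at least min_params of the fields."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not fit the assumed format
        client, _method, url = parts
        matched, attack = score_url(url)
        # A single common name such as "mode" is not enough; require a combination.
        if len(matched) >= min_params:
            hits.append({"client": client, "host": urlsplit(url).hostname,
                         "params": sorted(matched), "attack": attack})
    return hits


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

Requiring a combination of fields keeps ordinary traffic that happens to use a parameter named "mode" from being flagged; the threshold should be tuned against real logs.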
To guard against this kind of threat, users must make a habit of always checking that a URL is legitimate before using the site.
[ViRobot Detection Name]