Concerned about recent PAN-OS and other firewall/VPN CVEs? Take advantage of Zscaler’s special offer today
Read more

Blog Zscaler

Ricevi gli ultimi aggiornamenti dal blog di Zscaler nella tua casella di posta

Iscriviti
Ricerca sulla sicurezza

Koobface Worm Still Spreading Using Social Engineering Attack Vectors

image
THREATLABZ
maggio 04, 2011 - 3 Minuti di lettura
Approfondimenti sulla sicurezza

Contenuto

  1. Article
  2. Altri blog
The Koobface worm is not new to Internet users, but remains very active and continues spreading through different mediums using a variety of techniques. Last year, we have blogged about Koobface worm activity. We are still seeing this worm spreading via social engineering attacks. Attackers are creating fake malicious websites, which look like legitimate sites such as YouTube. Then, they lure the victim by posting fake content such as videos which actually lead to the downloading of malicious binary files. Look at the one of the site used to spread this worm using video content:

 

ImageIf you look at the image above, you will see the site is designed like a YouTube. The website shows a fake warning for adult material. The video displays a message saying “it requires Adobe Flash Player 10.37” and then forces a malicious file to download. In fact the latest version of genuine Adobe Flash Player is 10.2 but this video says 10.37 which is not a valid version. Once this file gets executed, it communicates with different servers. Here is the list,
 
  • http://www.powertreecorp.com/.tqe1/?action=fbgen&v=120&crc=669
  • http://www.bruleursdeloups.com/.gd1nlpq/?action=fbgen&v=120&crc=669
  • http://www.waypoint-center.org/.vye770/?action=fbgen&v=120&crc=669
  • http://sphusa.com/.wiqp6j2/?action=fbgen&v=120&crc=669
  • http://reishus.de/.zfg35n/?action=fbgen&v=120&crc=669
  • http://leonardandself.com/.uozs/?action=fbgen&v=120&crc=669
  • http://iq-tech.biz/.8cww/?action=fbgen&v=120&crc=669
  • http://careyadkinsdesign.com/.uzb62/?action=fbgen&v=120&crc=669
  • http://top-friends.co.za/.zsm4/?action=fbgen&v=120&crc=669
  • http://i-dare-you.co.za/.d38o8/?action=fbgen&v=120&crc=669
  • http://fatucci.it/.hkly/?action=fbgen&v=120&crc=669
  • http://www.flohr.tuknet.dk/.fav3bas/?action=fbgen&v=120&crc=669
  • http://www.mx2.jellingnet.dk/.n9u39y5/?action=fbgen&v=120&crc=669
  • http://www.neweed.org/.f8sh/?action=fbgen&v=120&crc=669
  • http://hillsdemocrat.com/.uit970q/?action=fbgen&v=120&crc=669
  • http://rentsatoday.com/.flyx4m/?action=fbgen&v=120&crc=669
  • http://www.aicis.it/.zm1jpub/?action=fbgen&v=120&crc=669
  • http://plymouth-tuc.org.uk/.eix02/?action=fbgen&v=120&crc=669
  • http://lode-willems.be/.xokpra/?action=fbgen&v=120&crc=669
  • http://www.cerclewalloncouillet.be/.s6ta/?action=fbgen&v=120&crc=669
  • http://www.ilfrutteto.net/.8tsple/?action=fbgen&v=120&crc=669
Zscaler, already has protection in place for these Koobface C&C servers. You can find the ThreatExpert report for this particular attack here. Never trust any site which will force you to download an executable file.

Umesh

 

 

form submtited
Grazie per aver letto

Questo post è stato utile?

vote yes
Sì, molto utile!
vote no
Non proprio

Scopri altri blog di Zscaler

A cyber criminal shopping for malware
Agniane Stealer: Dark Web’s Crypto Threat
Leggi il blog
Business people walking through a city
The Impact of the SEC’s New Cybersecurity Policies
Leggi il blog
Digital cloud illuminated in blue
Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)
Leggi il blog
TOITOIN Trojan
The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region
Leggi il blog
01 / 02
dots pattern

Ricevi gli ultimi aggiornamenti dal blog di Zscaler nella tua casella di posta

Inviando il modulo, si accetta la nostra Informativa sulla privacy.