Fake VirusTotal site serves malware


#1 cnm


    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 25 May 2011 - 09:24 AM


VirusTotal - the popular free file checking website - has been spoofed by malware peddlers, warns Kaspersky Lab.

A simple visit to the site triggers the download of a worm via a Java applet embedded in the code.

The worm in question is detected by Kaspersky Lab as Worm.MSIL.Arcdoor.ov. Its aim is to recruit the computer it infected into a botnet that would ultimately be used to perform DDoS attacks, and to communicate to the C&C information about the system (hostname, type and version of the OS, etc.).

The researcher warns that malware peddlers have lately begun combining the use of malicious JavaScript code and social engineering techniques, since it allows them to infect computers regardless of the browser or operating system used.

See also http://www.securelis...gated_java_worm
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)

Member of UNITE