A Trojan known as "Bicololo", first discovered in October 2012, targets Russian Internet users and is now using a new trick to spread itself. It is designed specifically to steal login credentials.
To do this, the malware modifies the system hosts file (on Windows, %SystemRoot%\System32\drivers\etc\hosts; the post calls it etc/hosts) so that the domains of popular social networking and email services resolve to attacker-controlled servers hosting convincing phishing clones. Because the hosts file is consulted before any DNS query is sent, the redirection works without touching DNS itself; it is effectively a local DNS poisoning, and it survives a change of DNS server.
According to a recent post from Avast, Bicololo continues to evolve and spread even further. Because it is difficult for a user to notice that he has been redirected to a phishing site, the attack goes smoothly.
In October, Avast found that all of these phishing sites were being served from 69.197.136.99, 94.249.188.224, 178.63.214.97 and 94.249.189.21, and that they were originally hosted on afraid.org servers.
Now the malware is also spreading through the standard 404 error pages of hacked sites. The phishing clones seen most often in the wild imitate popular sites such as vk.com, odnoklassniki.ru and mail.ru.
Once a victim on an infected system types one of these addresses, the browser shows a fake login form. Because none of the targeted services used HTTPS by default at the time, there is no simple way for the user to recognise the danger, and he willingly hands his password to the attackers.
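The hosts-file trick above is easy to check for on a suspect machine. The following checker is an added example written for this page, not code from the article or from Avast's analysis: it parses a hosts file the way the resolver does (first field is an address, every further field on the line is a hostname, `#` starts a comment) and flags any entry that pins one of the named target domains to a non-loopback address, or that points anywhere at one of the four addresses Avast reported. The hosts file content below is constructed for the example; the target domain list and the Windows path are assumptions you should adapt to your own environment.

```python
import ipaddress
import os

# Constructed sample of a poisoned Windows hosts file (not a real capture).
# Lines 5-7 reproduce the pattern described in the post: popular Russian
# services pinned to the addresses Avast reported for the phishing hosts.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net      # ad-block style entry, benign
94.249.188.224  vk.com www.vk.com
94.249.189.21   odnoklassniki.ru
178.63.214.97   mail.ru e.mail.ru
10.0.0.5        intranet.corp.example
"""

# Domains named in the post as the most frequently cloned (assumed list; extend it).
TARGET_DOMAINS = {"vk.com", "odnoklassniki.ru", "mail.ru"}
# Addresses the post says the phishing sites resolved to in October.
REPORTED_IPS = {"69.197.136.99", "94.249.188.224", "178.63.214.97", "94.249.189.21"}


def default_hosts_path():
    """Location of the hosts file on the current platform (assumed standard paths)."""
    if os.name == "nt":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return os.path.join(root, "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"


def parse_hosts(text):
    """Return (ip, hostname, line_no) tuples, one per hostname, skipping comments."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comment
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # address with no names: ignore
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # not an address: malformed line
        for host in fields[1:]:
            entries.append((fields[0], host.lower().rstrip("."), line_no))
    return entries


def is_local(ip):
    """127.0.0.0/8, ::1 and 0.0.0.0 are the normal, benign hosts-file targets."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def matches_domain(host, domains):
    """True if host is one of the domains or a subdomain of one (e.g. e.mail.ru)."""
    return any(host == d or host.endswith("." + d) for d in domains)


def find_suspicious(text, targets=TARGET_DOMAINS, known_bad=REPORTED_IPS):
    """Flag entries that redirect a target domain off-box or point at a reported IP."""
    findings = []
    for ip, host, line_no in parse_hosts(text):
        if is_local(ip):
            continue                          # localhost/sinkhole entries are expected
        reasons = []
        if matches_domain(host, targets):
            reasons.append("target domain pinned to non-loopback address")
        if ip in known_bad:
            reasons.append("address reported by Avast for Bicololo phishing hosts")
        if reasons:
            findings.append({"line": line_no, "ip": ip, "host": host, "reasons": reasons})
    return findings


def scan_file(path=None):
    """Read the live hosts file and return its suspicious entries."""
    with open(path or default_hosts_path(), "r", encoding="utf-8", errors="replace") as fh:
        return find_suspicious(fh.read())


if __name__ == "__main__":
    # Run against the constructed sample so the example works offline;
    # replace with scan_file() to inspect the real hosts file.
    for finding in find_suspicious(SAMPLE_HOSTS):
        print(f"line {finding['line']}: {finding['ip']} -> {finding['host']}: "
              + "; ".join(finding["reasons"]))
```

On the sample, the five redirected names on lines 5 to 7 are reported and the ad-block entry and the intranet entry are not: a target domain mapped to 0.0.0.0 is a normal sinkhole, and an arbitrary internal name mapped to a private address is ordinary administration. The two tests are deliberately independent, so an entry for a domain outside the list still fires if it points at one of the reported addresses, and a target domain still fires if the attackers have moved to new infrastructure.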
"The most common "stable" version comes in a self-extracting Cabinet container. Once executed, it drops four files into a strangely named Program Files subfolder and runs them. The first dropped file is an obfuscated and randomized BAT which does the actual etc/hosts injection. The other two files are Visual Basic scripts. One of them loads a text file with the URL of an infection counter and sends there a message of successful infection," Martin at Avast said.
So to spread it, it is enough for the attackers to place a link to a non-existent page of the hacked site on a forum or another website. When a user clicks the link, he gets what looks like the normal 404 error page, except that the page now also delivers the malware.
Use a good antivirus such as Avast or AVG, and check the hosts file for any entry that points a popular site anywhere other than 127.0.0.1.