Cyber criminals have actively used Drive-by-download attack in order to succeed in their criminal activities. And this time they are up again, targeting Virustotal which is a famous website that allows users to scan files with a large number of antivirus engines. Security researcher from Kaspersky Lab warns of a fake Virustotal website that is being used to distribute a malware via a Java-based downloader. They attack has been brought into action with clever social engineering as Virustoal is a popular site in the web todays with most people hearing its name on blogs and news. The spoofed site discovered by Kaspersky researchers looks exactly like the real one and prompts users to run a Java applet.The applet is actually a Java-based trojan downloader that distributes a piece of malware detected by Kaspersky Lab as Worm.MSIL.Arcdoor.ov.
“The worm is developed to recruit zombies that will be part of a botnet designed primarily to perform DDoS attacks synflood, httpflood, udpflood and icmpflood. The communication focuses on a C&C that stores information obtained from the victim machine” quotes the security researcher. The botent is control through a web-based DDoS framework known as N0ise. It accepts commands to initiate several types of DDoS, report the hostname of the victim machine, type and version of the operation system, as well as the version of the malware itself. The website’s URL has been hidden by the researcher. It should have been made public so as to prevent further attack, what we believe in. The more awareness is spread, the more users are secured.