Weekly malware round-up

The proliferation of images and video on the Net is making it easier to embed exploits by using media as camouflage around malicious code. The four exploits discussed below do just that.

YouTube's popularity makes it a prime opportunity to reach a mass audience, and the 'Zlob' malware intends to do just that. This exploit uses the site to lure users into clicking a fake video link that not only bombards them with ads but also downloads Trojans to their computers. This article from Techworld provides details on the exploit. Here's a video from Websense about another exploit that dupes the user into executing a file (.exe) that opens a video on YouTube while downloading scripts and Trojans in the background.

SecurityFocus describes a malware root-kit called Mpack that's used to compromise a number of legitimate Web sites through a process where users are redirected to malicious sites running Mpack. Once there, Mpack exploits specific vulnerabilities based on the user's browser to install Trojans and steal sensitive information.

Interestingly, the Mpack software is available on a "commercial" scale via underground channels and comes with updates for the latest vulnerabilities that can be exploited. Sold by a Russian group of programmers, the root-kit also provides malware authors with statistics on the systems infected. Is malware getting organized?

This Techworld article talks about a malicious PHP exploit hidden in a GIF file. The exploit uses an interesting technique that lets the file propagate as "just an image," since the file does contain an image followed by the exploit. It hasn't received much attention yet, but experts say it's sufficient to allow hackers to run malicious code on a legitimate Web site.
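A defensive check for the GIF case described above, as an added example that is not from the Techworld article or this post: it walks the GIF block structure to the trailer byte, reports any bytes appended after the image, and runs a heuristic scan for PHP open tags. The function names are hypothetical, and the sample GIF and inert placeholder payload are constructed.

```python
PHP_MARKERS = (b"<?php", b"<?=")  # heuristic; short tags can false-positive on binary data

def _skip_sub_blocks(data, pos):
    """Skip length-prefixed sub-blocks up to and including the 0x00 terminator."""
    while data[pos] != 0:
        pos += 1 + data[pos]
    return pos + 1

def gif_end_offset(data):
    """Walk the GIF block structure; return the offset just past the 0x3B trailer."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("missing GIF signature")
    pos = 13                                   # header (6) + logical screen descriptor (7)
    if data[10] & 0x80:                        # global color table present
        pos += 3 * (2 << (data[10] & 0x07))
    while pos < len(data):
        block, pos = data[pos], pos + 1
        if block == 0x3B:                      # trailer: the image ends here
            return pos
        if block == 0x21:                      # extension: one label byte, then sub-blocks
            pos = _skip_sub_blocks(data, pos + 1)
        elif block == 0x2C:                    # image descriptor (9 bytes)
            flags = data[pos + 8]
            pos += 9
            if flags & 0x80:                   # local color table
                pos += 3 * (2 << (flags & 0x07))
            pos = _skip_sub_blocks(data, pos + 1)   # +1 skips LZW minimum code size
        else:
            raise ValueError("unknown block type")
    raise ValueError("no trailer found")

def inspect_gif(data):
    """Report whether an upload is a well-formed GIF and what rides along with it."""
    try:
        end = gif_end_offset(data)
    except (ValueError, IndexError):           # malformed or truncated: treat as non-GIF
        return {"valid_gif": False, "trailing_bytes": None, "php_marker": None}
    lowered = data.lower()
    return {"valid_gif": True, "trailing_bytes": len(data) - end,
            "php_marker": any(m in lowered for m in PHP_MARKERS)}

# Constructed sample: a minimal 1x1 GIF89a, and the same image with inert PHP appended.
CLEAN_GIF = bytes.fromhex("474946383961 01000100 800000 000000ffffff 21f90401000000 00"
                          " 2c000000000100010000 02 024401 00 3b")
PLACEHOLDER = b"<?php /* constructed placeholder, does nothing */ ?>"
POLYGLOT = CLEAN_GIF + PLACEHOLDER

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_GIF), ("polyglot", POLYGLOT)):
        print(name, inspect_gif(blob))
```

A nonzero `trailing_bytes` value or a PHP marker is grounds to reject the upload. PHP placed inside a GIF comment extension sits before the trailer, which is why the marker scan covers the whole file and not only the appended bytes.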

Bottom line

Be careful where you click, because there's a mash-up of exploits out there, and information on them is the best first-aid.
