Number of Web Sites Hosting Malware Rapidly Increasing

Jason Barry — Tue, 27 Oct 2009 19:17:40 -0500

Security firm Dasient has compiled some interesting numbers regarding the slums of the internet, in particular the number of pages hosting malware. Combined with numbers released earlier this year by Microsoft and Google it leads to a disturbing and messy forecast.

According to the study an estimated 5.8 million pages within 640,000 websites were infected with code designed to impregnate visitors’’ computers with malware. Microsoft released numbers back in April regarding this same statistic claiming only 3 million pages were infected. In approximately 6 to 7 months, the internet garbage pile has close to doubled. During a similar period, Google doubled its blocked site metric to just fewer than 350,000.

The cleaning process isn’t easy because sites are getting re-infected just as quickly as they are getting clean. In fact, 39.6 percent of compromised sites have been compromised in the past and were cleaned up.

Old versions of common programs such as Adobe Flash and Acrobat provide easy targets for exploiting large numbers of clients all at once. "Hackers are starting to see some success from these attacks and whenever they see success, they continue to invest more," said Ameet Ranadive co-founder of Dasient.

Digital Picture Frames - Now with Free Malware!

Mark Soper — Sat, 16 Feb 2008 22:37:17 -0600

Digital picture frames showed up everywhere this past holiday season - and unfortunately, some of them, it turns out, also include a Trojan Horse payload as a 'free' bonus.

From One to Many...Vendors

The first reports in late January fingered some examples of the Insignia NS-DPF-10A 10.4-inch digital picture frames sold by Best Buy. However, the San Francisco Chronicle is now reporting that digital picture frames sold by several other vendors may also contain computer viruses, including products sold by Sam's Club, Target, and Costco. The digital picture frames involved contain flash memory to store images loaded from a PC.

A Multi-Pronged Malware Attack

Initially, it was believed that the malware on infected digital picture frames was relatively easy to deal with. One of the infections is W32.Rajump, which also infected some Apple video iPods back in October 2006. It spreads itself to removable drives and can attack Windows 9x through XP. Three other trojans are also older infections easily detectable by current antivirus programs. However, the biggest payload is a new Trojan Horse known to CA (formerly Computer Associates) as Mocmex, and identified as W32.Autorun.worm.e by McAfee.

Introducing Mocmex

Whether you call it Mocmex or W32.Autorun.worm.e, it's bad news. It performs the following actions:

- Kills various processes
- Downloads malware from two remote websites
- Deletes registry keys
- Adds registry keys to run malware
- Disables most major antivirus software products
- Disables Windows security and firewall features
- Captures passwords for online games (and could easily be tweaked to capture other types of information as well)

If that last behavior reminds you of a previous storage-based malware outbreak, you're right. We brought you reports of Maxtor external hard disks infected with malware from China back in November, and antivirus researchers, according to the Chronicle, have traced back this latest infection to a China-based group as well.

Stopping Mocmex

Mocmex can be detected by updated CA and McAfee antivirus programs (and possibly others), but because it uses Autorun.inf to spread (and can reenable Autorun, even if you have disabled this feature), waiting until you have connected the picture frame to a Windows-based PC may be too late - your system's already infected! So, how can you detect Mocmex or other nasties stored in a removable storage device? Deborah Hale at the SANS Institute (www.sans.org), a leading information security training and research firm, suggests scanning media from a computer running Linux or MacOS.