Concerned about recent PAN-OS and other firewall/VPN CVEs? Take advantage of Zscaler’s special offer today
Learn More

Zscaler Blog

Erhalten Sie die neuesten Zscaler Blog-Updates in Ihrem Posteingang

Abonnieren
Security Research

Koobface Worm Still Spreading Using Social Engineering Attack Vectors

image
THREATLABZ
Mai 04, 2011 - 3 Lesezeit: Min
Einblicke zum Thema Sicherheit

Inhalt

  1. Article
  2. Weitere Blogs
The Koobface worm is not new to Internet users, but remains very active and continues spreading through different mediums using a variety of techniques. Last year, we have blogged about Koobface worm activity. We are still seeing this worm spreading via social engineering attacks. Attackers are creating fake malicious websites, which look like legitimate sites such as YouTube. Then, they lure the victim by posting fake content such as videos which actually lead to the downloading of malicious binary files. Look at the one of the site used to spread this worm using video content:

 

ImageIf you look at the image above, you will see the site is designed like a YouTube. The website shows a fake warning for adult material. The video displays a message saying “it requires Adobe Flash Player 10.37” and then forces a malicious file to download. In fact the latest version of genuine Adobe Flash Player is 10.2 but this video says 10.37 which is not a valid version. Once this file gets executed, it communicates with different servers. Here is the list,
 
  • http://www.powertreecorp.com/.tqe1/?action=fbgen&v=120&crc=669
  • http://www.bruleursdeloups.com/.gd1nlpq/?action=fbgen&v=120&crc=669
  • http://www.waypoint-center.org/.vye770/?action=fbgen&v=120&crc=669
  • http://sphusa.com/.wiqp6j2/?action=fbgen&v=120&crc=669
  • http://reishus.de/.zfg35n/?action=fbgen&v=120&crc=669
  • http://leonardandself.com/.uozs/?action=fbgen&v=120&crc=669
  • http://iq-tech.biz/.8cww/?action=fbgen&v=120&crc=669
  • http://careyadkinsdesign.com/.uzb62/?action=fbgen&v=120&crc=669
  • http://top-friends.co.za/.zsm4/?action=fbgen&v=120&crc=669
  • http://i-dare-you.co.za/.d38o8/?action=fbgen&v=120&crc=669
  • http://fatucci.it/.hkly/?action=fbgen&v=120&crc=669
  • http://www.flohr.tuknet.dk/.fav3bas/?action=fbgen&v=120&crc=669
  • http://www.mx2.jellingnet.dk/.n9u39y5/?action=fbgen&v=120&crc=669
  • http://www.neweed.org/.f8sh/?action=fbgen&v=120&crc=669
  • http://hillsdemocrat.com/.uit970q/?action=fbgen&v=120&crc=669
  • http://rentsatoday.com/.flyx4m/?action=fbgen&v=120&crc=669
  • http://www.aicis.it/.zm1jpub/?action=fbgen&v=120&crc=669
  • http://plymouth-tuc.org.uk/.eix02/?action=fbgen&v=120&crc=669
  • http://lode-willems.be/.xokpra/?action=fbgen&v=120&crc=669
  • http://www.cerclewalloncouillet.be/.s6ta/?action=fbgen&v=120&crc=669
  • http://www.ilfrutteto.net/.8tsple/?action=fbgen&v=120&crc=669
Zscaler, already has protection in place for these Koobface C&C servers. You can find the ThreatExpert report for this particular attack here. Never trust any site which will force you to download an executable file.

Umesh

 

 

form submtited
Danke fürs Lesen

War dieser Beitrag nützlich?

vote yes
Ja, sehr hilfreich!
vote no
Nicht wirklich

Weitere Zscaler-Blogs erkunden

A cyber criminal shopping for malware
Agniane Stealer: Dark Web’s Crypto Threat
Blog lesen
Business people walking through a city
The Impact of the SEC’s New Cybersecurity Policies
Blog lesen
Digital cloud illuminated in blue
Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)
Blog lesen
TOITOIN Trojan
The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region
Blog lesen
01 / 02
dots pattern

Erhalten Sie die neuesten Zscaler Blog-Updates in Ihrem Posteingang

Mit dem Absenden des Formulars stimmen Sie unserer Datenschutzrichtlinie zu.