Friday, November 11, 2005

Google, Yahoo, now Microsoft... under Attack

In the past three days, the "big three" internet services have come under attack. First Google, then Yahoo and now Microsoft.

Here is the latest alert from our friends at Websense:

"Websense® Security Labs™ has received reports of an email scam disguised as a Microsoft Security Update for Explorer.exe. Users receive a spoofed email message instructing them to click on a link to immediately download and install a bugfix from Microsoft.

The link in the email takes the user to a fraudulent website, designed to appear as the legitimate Microsoft Windows update site. The security update hosted on this page is actually a backdoor Trojan horse. Upon execution, the backdoor sends an HTTP request with the IP address of the infected computer and then waits for a connection from the malware author.

The site hosting the malicious file is in the United States; the site where the IP address is reported is hosted in Germany. Both were online at the time of this alert."

Although not specific, my guess is that the intent in this attack is to capture a computer for use in a botnet. Criminals use botnets to send SPAM and further their various criminal activities, including identity and financial information theft.

Here are a few posts I've done on botnet activity: Zotob Hackers Caught, Attack of the Worms and More Arrests in Zotob Case.

It appears that the criminal element is gearing up for their traditional activities during the holiday season, which is to steal as much as they can using the sales volume (created by the holiday season) as a smoke screen.

For the full alert from Websense, along with screen shots, click on the title of this post.
