
Archive for November 7th, 2007


Nov7
by Justine Paredes (Technical Communications)

Real-world terrorists are once again threatening to take their jihad (holy war) to cyberspace. According to DEBKAfile, an online military intelligence magazine, the notorious Al-Qaeda has threatened to launch a Web attack on Western anti-Muslim Web sites on the 11th of November.

An attack like this could be launched with the Electronic Jihad Version 2.0 software, which is not actually new: it has been around for about three years. It is a distributed denial-of-service (DDoS) tool, and because it is configurable and flexible it lets cyber-terrorists aim the attack wherever they choose.

Researchers across the industry are skeptical, since similar threats have turned out to be duds, like the cyber attack against U.S. banks and financial institutions that was announced for December 2006 and never happened. This time, however, Trend Micro researchers have found the tool itself. Detected as HKTL_DAHIJ.A, it is E-Jihad Version 3.0; it arrives as an installer package that may be downloaded from a remote site.

The tool first presents a GUI for entering a user name and password (screenshot in the original post). One specific user name and password combination makes the tool display one GUI (second screenshot); any other combination produces a different screen (third screenshot).

The tool connects to a URL for verification. Once that connection succeeds, it downloads a list from several URLs; the list is itself a set of target URLs, and the affected system then launches denial-of-service (DoS) attacks against them for the so-called e-jihad. Because the targets are fetched at run time rather than built into the program, whoever controls the list servers can retarget every installed copy without redistributing the tool.

Law enforcers and other experts say that threats such as these should not cause much of a fuss, as Web threats happen on a regular basis. Eli Alshech, Director of the Jihad and Terrorism Studies Project at the Middle East Media Research Institute, considers these e-jihadists more of a nuisance than a threat. But with these terrorists, we never know what they will do next. Is 11/11 going to be another date to remember?

The next big Web attack may unfold on the 11th of November, or not at all; it is always good to remain skeptical about the veracity of such reports. Corporate users should nonetheless protect their networks with good network behavior monitoring tools, which can spot what a tool like this looks like on the wire: an internal host that suddenly opens a flood of connections to a small set of external sites.
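One way to implement that kind of monitoring, as an added example that is not code from the original post: the script below reads a constructed outbound-connection log (one line per connection, in the assumed form "<epoch> <src_ip> <dst_host>") and flags any source/destination pair whose connection count within a 60-second bucket reaches a threshold, which is the pattern a volunteer host running a DoS tool against a downloaded target list produces. The log format, the threshold and the addresses are assumptions chosen for illustration; real flow or proxy logs need their own parser.

```python
"""Flag internal hosts whose outbound connections look like a DoS tool at work.

Added example, not code from the original post. Assumes a constructed log
format: one line per outbound connection, "<epoch> <src_ip> <dst_host>".
"""
from collections import defaultdict


def parse_line(line):
    """Split one constructed log line into (timestamp, src_ip, dst_host)."""
    ts, src, dst = line.split()
    return int(ts), src, dst


def flag_flooders(lines, window=60, threshold=50):
    """Return {(src, dst): peak_count} for every source/destination pair that
    opened at least `threshold` connections inside a single `window`-second
    bucket. Ordinary browsing stays far below a threshold like 50/minute;
    a flood against a target list does not."""
    counts = defaultdict(int)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts, src, dst = parse_line(line)
        counts[(src, dst, ts // window)] += 1   # bucket by window number

    peaks = {}
    for (src, dst, _bucket), n in counts.items():
        if n >= threshold:
            peaks[(src, dst)] = max(peaks.get((src, dst), 0), n)
    return peaks


def make_sample_log():
    """Constructed sample traffic, not captured data.

    10.0.0.5 behaves like a DoS participant: 4 connections per second to each
    of two target sites for 30 seconds. 10.0.0.7 is an ordinary user.
    """
    lines = []
    base = 1194480000  # 2007-11-08 00:00:00 UTC; a multiple of 60, so the
                       # 30-second burst lands in one bucket
    for i in range(30):
        for _ in range(4):
            lines.append(f"{base + i} 10.0.0.5 target-a.example")
            lines.append(f"{base + i} 10.0.0.5 target-b.example")
    hosts = ["www.example.org", "mail.example.org", "news.example.net"] * 3
    for i, host in enumerate(hosts):
        lines.append(f"{base + 5 * i} 10.0.0.7 {host}")
    return lines


if __name__ == "__main__":
    for (src, dst), peak in sorted(flag_flooders(make_sample_log()).items()):
        print(f"{src} -> {dst}: {peak} connections in one 60 s window")
```

The threshold should be tuned against a baseline of normal traffic for the site; the point is the shape of the signal (one host, few destinations, sustained high rate), not the specific number.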

 
Posted in Malware, News | 1 TrackBack »

Nov7
by Feike Hacquebord (Advanced Threats Analyst)

Yesterday, the infamous Russian Business Network (RBN) dropped off the Internet at around 7 PM PST. Since then, RBN's IP addresses can no longer be reached because its address ranges are no longer being routed. Possibly the upstream providers that gave RBN its Internet connectivity have terminated service to their problematic customer, temporarily or (hopefully) permanently. Trend Micro will continue to monitor closely whether RBN remains down.

The Russian Business Network is notorious for hosting large amounts of malware and Web browser exploits, which have been injected into thousands of legitimate Web sites. RBN's customers abuse the latest exploits for their nefarious purposes; the most recent example is a security issue in Adobe Acrobat Reader that was fixed only a few weeks ago.

With RBN currently cut off from the Internet, the Web is a somewhat safer place today. Unfortunately, this may not last: RBN may find new upstream providers. Moreover, in recent weeks Trend Micro has seen equivalents of RBN pop up in Turkey and Taiwan. These hosting providers seem to have the same kind of customer base as RBN, so even if RBN drops off the Internet permanently, its customers might find a new home soon. TrendLabs is also closely monitoring activity in these new suspicious networks.

 

Nov7
by Macky Cruz (Technical Communications)

Trend Micro security researchers found spam messages containing links that try to look innocuous by starting with http://google.com/search{some string}btn{some string}. Links like these seem credible (after all, who doesn't trust Google?), so users may assume they are harmless. However, instead of returning a list of search results, these links open a site directly. This spam message, for instance, entices the receiver to download a casino game:

{sample spam link using Google’s “I’m Feeling Lucky” button}

The incriminating string here is "btn": the query parameter that Google's search form sends when you press the I'm Feeling Lucky button (btnI). With that parameter present, Google redirects the user to the Web page it ranks most relevant to the query instead of displaying the usual search listing. In effect, the search engine acts as an open redirector: the link shows only google.com and a search phrase, and the destination can change whenever the ranking does.

Malware authors just need to make sure that their site ranks first on Google for the chosen query, which is easy when the query is a distinctive phrase that appears only on their page.

Google itself and various unofficial "cheat sheets" document the array of advanced search features built into the search engine. Spammers can use the same features to lend credibility to their spam.
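A mail filter can recognize this pattern without needing to know where the redirect lands. The following is an added example, not code from the original post or from Google: it parses a link, checks that the host is a Google search domain, that the path is /search, and that the query carries both a search phrase (q) and the I'm Feeling Lucky parameter (btnI, the name Google's own search form submits for that button). The host pattern and the sample links are constructed for illustration and are not real spam.

```python
"""Detect spam links that abuse Google's "I'm Feeling Lucky" redirect.

Added example, not code from the original post or from Google. Assumes the
search endpoint is /search and the button parameter is btnI; the host
pattern below is an approximation of Google's country domains.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Assumed pattern for Google search hosts: google.com, google.de,
# google.co.uk, google.com.au and the www. variants of each.
GOOGLE_HOST = re.compile(
    r"^(?:www\.)?google\.(?:com|co\.[a-z]{2}|com\.[a-z]{2}|[a-z]{2,3})$"
)


def is_feeling_lucky_link(url):
    """True if `url` is a Google search that would redirect to its top hit.

    The host check is anchored at both ends so that look-alikes such as
    google.com.evil.example do not pass.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https"):
        return False
    host = parts.hostname or ""          # hostname is already lower-cased
    if not GOOGLE_HOST.match(host):
        return False
    if parts.path.rstrip("/") != "/search":
        return False
    query = parse_qs(parts.query, keep_blank_values=True)
    return "btnI" in query and "q" in query


def lucky_query(url):
    """Return the search phrase the redirect is keyed on, or None.

    This is what an analyst would search for to find the landing page,
    since the link itself never names it.
    """
    if not is_feeling_lucky_link(url):
        return None
    return parse_qs(urlsplit(url).query, keep_blank_values=True)["q"][0]


def classify_links(urls):
    """Return the subset of `urls` that use the I'm Feeling Lucky redirect."""
    return [u for u in urls if is_feeling_lucky_link(u)]


# Constructed sample links, not real spam.
SAMPLE_LINKS = [
    "http://google.com/search?q=free+casino+game+download&btnI=1",
    "http://www.google.co.uk/search?hl=en&q=best+casino+bonus&btnI=I%27m+Feeling+Lucky",
    "http://google.com/search?q=trend+micro",                      # ordinary search
    "http://google.com.evil.example/search?q=casino&btnI=1",       # look-alike host
    "http://www.google.com/maps?q=casino&btnI=1",                  # not the search endpoint
]

if __name__ == "__main__":
    for link in classify_links(SAMPLE_LINKS):
        print(f"redirect link keyed on {lucky_query(link)!r}: {link}")
```

Flagging such links is cheap because the decision depends only on the URL's own structure; no network lookup is required, which matters in a filter that has to score every link in every message.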

Luckily for users, Trend Micro Web threat protection technology blocks malicious content on Web pages, proactively breaking the infection chain before infection can take place. Still, users are advised not to click links in spam messages, even when they look trustworthy.

You might just get “lucky” yourself.

 
Posted in Spam |


© Copyright 2008 Trend Micro Inc. All rights reserved. Legal Notice