Archive for July 29th, 2009


Jul29
by Feike Hacquebord (Advanced Threats Analyst)

Today Trend Micro researchers discovered a spoofed (fake) version of the popular Russian social networking site vkontakte.ru. Visitors to the spoofed site risk exposing their personal login credentials to a third party. Vkontakte.ru is roughly the Russian equivalent of Facebook and is very popular in Russian-speaking countries. According to the site itself, it has more than 35 million users. Alexa ranks the site as the second most visited site in Russia.

Beginning today, the infamous UkrTelegroup rogue DNS servers resolve the domain name www.vkontakte.ru to a foreign IP address. These rogue DNS servers belong to the most prevalent DNS Changer Trojans (like TROJ_DNSCHANG), which modify the DNS settings of victims to point to foreign IP addresses. DNS Trojan victims are at great risk because the controllers of the rogue DNS servers can send them to any site at any time, exposing the victims to possible information theft, fraudulent traffic and malicious URLs.


Apparently the number of Russian-speaking DNS Changer victims has reached critical mass, so that it has become profitable to spoof Russian sites as well. Earlier we saw only about 60 Russian porn sites that received rogue resolution from the UkrTelegroup gang in a click fraud scheme, but now the gang is taking an interest in spoofing Russian high-traffic sites like this social networking website.

Apart from personal information leakage, Internet users who visit the spoofed version of www.vkontakte.ru will see a “pop-under” box that advertises a different social networking site called youdo.ru through an intermediary site named youdoitnow.ru. According to Alexa.com, vkontakte.ru is the second most visited website in Russia. Alexa, however, does not yet have statistics on youdo.ru.
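A defender-side check for the DNS Changer behaviour described above, as an added example that is not part of the original post: it flags configured resolvers outside an approved set and names whose local answers share no address with a trusted reference resolver. All addresses (documentation ranges), the approved network and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data using documentation address ranges, not real indicators.
APPROVED_RESOLVERS = [ipaddress.ip_network("192.0.2.0/28")]  # hypothetical ISP/corporate resolvers
CONFIGURED = ["192.0.2.1", "203.0.113.53"]  # e.g. read from the host's DNS settings
# Answers for the same names from the host's resolver and from a trusted reference resolver.
LOCAL_ANSWERS = {"www.vkontakte.ru": ["198.51.100.7"], "example.org": ["192.0.2.80"]}
REFERENCE_ANSWERS = {"www.vkontakte.ru": ["192.0.2.200", "192.0.2.201"],
                     "example.org": ["192.0.2.80"]}


def unapproved_resolvers(configured, approved):
    """Return configured nameservers that are unparsable or outside every approved network."""
    flagged = []
    for server in configured:
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            flagged.append(server)  # a malformed entry is itself worth a look
            continue
        if not any(addr in net for net in approved):
            flagged.append(server)
    return flagged


def divergent_answers(local, reference):
    """Return names whose local answers share no address with the reference answers."""
    findings = {}
    for name, ref_ips in reference.items():
        local_ips = set(local.get(name, []))
        if local_ips and local_ips.isdisjoint(ref_ips):
            findings[name] = sorted(local_ips)
    return findings


def audit(configured, approved, local, reference):
    """Combine both checks into one report for a single host."""
    return {
        "unapproved_resolvers": unapproved_resolvers(configured, approved),
        "divergent_answers": divergent_answers(local, reference),
    }


if __name__ == "__main__":
    print(audit(CONFIGURED, APPROVED_RESOLVERS, LOCAL_ANSWERS, REFERENCE_ANSWERS))
```

Disjoint answers on their own can also come from CDNs or geography-based DNS, so treat them as a lead to confirm together with the resolver finding.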

Special thanks to Senior Threat Researcher Max Goncharov for additional information in this post.


 

Jul29
by Det Caraig (Technical Communications)


Trend Micro recently relaunched TrendWatch, its dedicated threat center, to keep users better informed and abreast of the latest threats! As with the website’s earlier launch last year, this year’s relaunch aims to continue to make more intuitive information about all threats as accessible as possible to all our site visitors.

The site will continue to answer the same questions you may have had in the past but will also offer you so much more. The new and improved TrendWatch site promises to be faster, simpler to use, and more intuitive than before.

To get a glimpse of the new and improved TrendWatch, you may visit this URL: http://us.trendmicro.com/us/trendwatch/.

So what can you look forward to seeing in this site?

  • Focus Report Series is a Trend Micro first. The featured report each month will give you a more in-depth insight on some of the most prevalent types of malware attacks.
  • Threat Meter presents a graphical view of the latest threats (i.e., Web, spam, and malware) affecting users in real time.
  • Recent Security Advisories will keep Microsoft application users informed of the latest critical updates to protect their systems from vulnerability exploits.
  • Latest Videos and Podcasts provides user education and training support conducted by our tech gurus.
  • Recent Threat News provides links to our latest blog entries that will keep you informed of the latest threats you should protect yourselves from.

These and links to our rich and timely security resources are sure to make your TrendWatch experience better than before.

Visit TrendWatch, a threat center designed just for you! Powered by data from TrendLabs, Trend Micro’s global network of research, service, and support centers, TrendWatch is a central resource providing the latest information about threats plus updates on new technologies and access to security tools.

Experience Trend Micro, visit TrendWatch today!

 

Jul29
by Jonathan Leopando (Technical Communications)

It’s not the second Tuesday of the month, but Microsoft has rushed out several patches for Internet Explorer. These are related to the zero-day exploit that was revealed earlier in the month. However, it appears that the underlying vulnerability was not fixed; independent security researchers have discovered the underlying flaw and are ready to release at this week’s Black Hat security conference in Las Vegas. Microsoft is preempting the exploitation of this possible issue by taking the highly unusual step of releasing an out-of-cycle patch.

More information, as well as download links for the said patches, may be found below:

 

