Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    April 2014
    S M T W T F S
    « Mar    
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  
  • About Us

    Today Trend Micro researchers discovered a spoofed (fake) version of the popular Russian social networking site vkontakte.ru. Visitors of the spoofed site risk exposing their personal login credentials to a third party. Vkontakte.ru is roughly the Russian equivalent of Facebook and is very popular in Russian-speaking countries. According to the site itself it has more than 35 million users. Alexa ranks the site as the second most visited site in Russia.

    The infamous UkrTelegroup rogue DNS servers resolve domain name www.vkontakte.ru to a foreign IP address beginning today. These rogue DNS servers belong to the most prevalent DNS Changer Trojans (like TROJ_DNSCHANG) that modify DNS settings of victims to point to foreign IP addresses. DNS Trojan victims are at great risk, because the controllers of the rogue DNS servers can send them to any site at any time, thus exposing the victims to possible information theft, fraudulent traffic and malicious URLs.

    Click for larger view

    Click for larger view

    Apparently the number of Russian-speaking DNS Changer victims has reached critical mass, so that it becomes profitable to spoof Russian sites as well. Earlier we saw only about 60 Russian porn sites that got rogue resolution by the UkrTelegroup gang in a click fraud scheme, but now they are taking interest in spoofing Russian high-traffic sites like this social networking website.

    Apart from personal information leakage, Internet users who visit the spoofed version of www.vkontakte.ru will see a “pop-under” box that advertises a different social networking site called youdo.ru through an intermediary site named youdoitnow.ru. According to Alexa.com vkontakte.ru is the second most visited website in Russia. Alexa however does not have statistics yet on youdo.ru.

    Special thanks to Senior Threat Researcher Max Goncharov for additional information in this post.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon






     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice