Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us

    Today Trend Micro researchers discovered a spoofed (fake) version of the popular Russian social networking site Visitors of the spoofed site risk exposing their personal login credentials to a third party. is roughly the Russian equivalent of Facebook and is very popular in Russian-speaking countries. According to the site itself it has more than 35 million users. Alexa ranks the site as the second most visited site in Russia.

    The infamous UkrTelegroup rogue DNS servers resolve domain name to a foreign IP address beginning today. These rogue DNS servers belong to the most prevalent DNS Changer Trojans (like TROJ_DNSCHANG) that modify DNS settings of victims to point to foreign IP addresses. DNS Trojan victims are at great risk, because the controllers of the rogue DNS servers can send them to any site at any time, thus exposing the victims to possible information theft, fraudulent traffic and malicious URLs.

    Click for larger view

    Click for larger view

    Apparently the number of Russian-speaking DNS Changer victims has reached critical mass, so that it becomes profitable to spoof Russian sites as well. Earlier we saw only about 60 Russian porn sites that got rogue resolution by the UkrTelegroup gang in a click fraud scheme, but now they are taking interest in spoofing Russian high-traffic sites like this social networking website.

    Apart from personal information leakage, Internet users who visit the spoofed version of will see a “pop-under” box that advertises a different social networking site called through an intermediary site named According to is the second most visited website in Russia. Alexa however does not have statistics yet on

    Special thanks to Senior Threat Researcher Max Goncharov for additional information in this post.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice