
    Thai site

    Research Project Manager Ivan Macalintal reported a few hours ago that another Thailand-based Web hosting site appears to have been compromised to serve malware.

    The APAC-Regional TrendLabs Team immediately probed and analyzed the attack layout for the ill-fated www.ictbannok.com, and we identified a tricky injection that had been prematurely implemented.

    Based on our analysis, the main site was just about to be heavily laden with scripts when it was first reported. Going further, since it looked like a dead end when we tried a different avenue, and since the main page itself was just like a site with a script gone bad, we found this:

      |
    http://www.ictbannok.com /*
    (Cloaking with a 404 error, still heavily laden with an encrypted script, which leads to)
      |
    hxxp://www.ictbannok.com.96fad701b73f1f53.2traff.cn/traff2.cn/
      |
    Host Location Estonia
      |
    Host Location European Union
    [Russian Federation]
      |
    The following malicious files are set to drop at this point, namely
    Troj_SHEUR.DZJ and TROJ_INJECT.IS
      |
    Host Location Ukraine
      |
      TSPY_LDPINCH.JR

    These tiers were brought down 20 minutes or less after the probing was done. That was too late for the authors of the attack: their tracks were traced back, pinpointing the actual file that they were hoping to implement using obfuscation and an iframe as a drop-off point.

    With a coordinated effort from APAC-RTL spearheaded by Oscar R., the Trend Micro Thailand Office by Wan K., and Kitisak J. of ThaiCert, the ictbannok.com site administrator was advised about the incident and had the site cleaned in no time. Now it's back to its regular business.

    Trend Micro has detected these files since the release of malware control patch number 5.144.05, using scan engine 8.5001002 or later.
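
The chain above has two traits a proxy-log review can key on: the second-tier hostname carries the compromised site's full name as a subdomain prefix of an unrelated domain, and the hop starts from a page that answered 404. The following is an added example, not code from the original post or from Trend Micro; the tab-separated log format, the function names and the sample records (including the `/missing` path) are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample records: status, content type, URL, referer.
# Hostnames are the ones named in the post; the defanged hxxp scheme is kept.
SAMPLE_LOG = """\
200\ttext/html\thttp://www.ictbannok.com/\t-
404\ttext/html\thttp://www.ictbannok.com/missing\thttp://www.ictbannok.com/
200\ttext/html\thxxp://www.ictbannok.com.96fad701b73f1f53.2traff.cn/traff2.cn/\thttp://www.ictbannok.com/missing
200\timage/png\thttp://static.example.net/logo.png\thttp://www.ictbannok.com/
"""

def host(url):
    """Lower-cased hostname of a URL, or '' when absent (e.g. referer '-')."""
    return (urlsplit(url).hostname or "").lower()

def embeds_referer_host(url, referer):
    """True when the requested host is the referring host with extra labels
    appended, so the referring site's name is only a subdomain prefix."""
    req, ref = host(url), host(referer)
    return bool(ref) and req != ref and req.startswith(ref + ".")

def scan(log_text):
    """Return (reason, url) pairs for records worth an analyst's attention."""
    findings = []
    error_pages = set()  # URLs that answered 404 earlier in the log
    for line in log_text.splitlines():
        status, _ctype, url, referer = line.split("\t")
        if status == "404":
            error_pages.add(url)
        if embeds_referer_host(url, referer):
            reason = "host embeds referring site name"
            if referer in error_pages:
                reason += ", reached from a 404 page"
            findings.append((reason, url))
    return findings

if __name__ == "__main__":
    for reason, url in scan(SAMPLE_LOG):
        print(reason, url)
```

An ordinary subdomain such as `login.example.com` referred from `example.com` is not flagged, because the check requires the referring hostname to be the leading labels of the requested host.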




