Early today, Trend Micro Senior Threat Analyst Chenghuai Lu reports of Web site that hosts about 400 malicious programs (and counting). The malware samples seem to be just copies of each other. However, three specific groups stood out: TROJ_DROPPER.CKO, TROJ_CLICKER.QU, and TROJ_POLYCRYPT.G, which usually display adult-content Web sites on the victimâ??s Internet Explorer. Notably, the said IP address comes from Russia. Trend Micro Senior Software Engineer Feike Hacquebord, on the other hand, reports of certain Italian-like Web sites containing IFRAMEs that point to the said Russian Web site. Further investigation of the scenario reveals that these Italian-like Web sites were not hacked by a third party source to contain the IFRAME, but actually, the IFRAME were deliberately inserted by the owners of these “Italian” Web sites themselves! Apparently, these Italian-like Web sites reside in a hosting facility in Germany, with registration data pointing to an e-mail contact that is hosted in Russia. Looking at these massive samples of malware, we can’t help to think that there’s something brewing in Russia. We have just seen these cyber criminals pull the Italian Job recently. Are we now seeing a Russian Uprising coming our way? Trend Micro customers need not worry though. TrendLabs already detects most of the malware samples collected from the site as TROJ_DROPPER.CKO. The other two malware will soon be included in our patterns. TrendLabs has also blocked the said malicious Web sites and is continuously monitoring other malicious sites related to this incident. We are currently working to provide a more in-depth analysis of this scenario. More details will be posted soon.