Vianen, 9 november 2009 – Sinds vanmorgen vroeg maakt de bekende Koobface botnet op een slimme manier gebruik van Google Reader-accounts om pc’s van onwetende gebruikers te besmetten. Dit ontdekte Trend Micro via hun 24/7-onderzoek naar online criminaliteit.
De aanval vindt plaats via een pagina met een nep You Tube-video. Slachtoffers die op de Youtube-video klikken komen terecht op een gecompromiteerde website met daarop nog een nep You Tube-video. Wanneer gebruikers dat fimpje bekijken raakt hun pc geïnfecteerd en maakt hij vanaf dat moment deel uit van de Koobface botnet.
Onderstaand vindt u hierover het volledige, Engelstalige bericht van Trend Micro
*-*-*-*-*
Trend Micro Security Advisory - Koobface Abuses Google Reader
November 9, 2009 - Trend Micro TrendLabs has identified a new development in the Koobface Botnet, this time abusing the Google-owned service, Google Reader.
Trend Micro threat research continues to monitor Koobface criminal activities, including the spamming of URLs by Koobface on social networking sites such as Facebook, MySpace and Twitter.
Early this morning, they discovered that Google Reader URLs were being spammed by Koobface on social network sites. The attack works by having a Google Account controlled by the Koobface gang, host a page with a fake YouTube video. When a victim clicks on the fake YouTube video it redirects to a compromised website – which hosts another fake YouTube video. The compromised website leads to user infection, with the subsequent result of the victim becoming part of the Koobface botnet.
At the time of writing there are around 1,300 known, unique fake Google Reader accounts spammed by Koobface on social network sites. Trend Micro has contacted Google about this incident.
“This is yet another attack where cybercriminals misuse social networking tools, that were originally designed for fun, for their own profit”, commented Trend Micro CTO, Raimund Genes.
Google Reader is a free service offered by Google that allows users to monitor websites for new content and allows the users to share new content from websites. The feature that enables users to share new content is that which the cybercriminals have abused through the spamming of malicious links.
For further information and images, please visit
blog.trendmicro.comUsers of the Trend Micro Smart Protection network are already protected from this incident. Any user concerned they may have been compromised can use Trend Micro free clean up tools such as HouseCall or RU Botted. Prevention tools such as Web Protection Add-On can also help avoid further infection. Tools are available at
free.antivirus.com/About Trend Micro:
Trend Micro Incorporated, a global leader in Internet content security, focuses on securing the exchange of digital information for businesses and consumers. A pioneer and industry vanguard, Trend Micro is advancing integrated threat management technology to protect operational continuity, personal information, and property from malware, spam, data leaks and the newest Web threats. Visit TrendWatch at
us.trendmicro.com/us/trendwatch/ to learn more about the latest threats. Trend Micro’s flexible solutions, available in multiple form factors, are supported 24/7 by threat intelligence experts around the globe. Many of these solutions are powered by the Trend Micro Smart Protection Network, a next generation cloud-client content security infrastructure designed to protect customers from Web threats. A transnational company, with headquarters in Tokyo, Trend Micro’s trusted security solutions are sold through its business partners worldwide. Please visit
www.trendmicro.com.
Voor meer informative:
Lammers van Toorenburg Benelux PR
Paul Maris
Tel.: +31 (0)30 656 50 70
E-mail:
trendmicro@lvtpr.nl