JMH
Banned
- Local time
- 3:43 AM
- Messages
- 6,448
More -IT security vendor Webroot says it has discovered a pro-Israeli website apparently receiving passwords stolen by Koobface, the social networking worm that has been around for more than a year.
According to Webroot, Koobface - an anagram of Facebook - has been seen hijacking legitimate websites for more than a year, using them not only to host malicious payload files, but also to work as proxy command-and-control servers for the botnet.
Andrew Brandt, a senior security researcher with the firm, says that one such hijacked Web domain - migdal.org.il - recently popped up in a number of blog posts and on websites which list the domains used to host malware, as far back as this past May, when the Koobface crew began using a slew of new hijacked servers as distribution points for its malicious files.
"And since the summer, Koobface has been delivering a password stealing trojan among the several payloads it brings down to an infected computer", he said in a security blog posting yesterday evening.
The trojan's name, he says, is migdal.org.il.exe, and the stolen passwords it scrapes from infected computers are sent right back to the migdal.org.il web server, which is physically located at an ISP in the UK.
Infosecurity (UK) - Webroot warns on political Koobface data hijack
My Computer
At a glance
Win 7 Ultimate 64-bit. SP1.Intel i7 -720QM.[1.6GHz Turbo Boost 2.8GHz. 6...8 DDR 3 RAM. 1066MHZATI 1024 MB. DDR3. Radeon HD5650
- Computer Manufacturer/Model Number
- LAPTOP. HP Pavilion dv7-4010TX .
- OS
- Win 7 Ultimate 64-bit. SP1.
- CPU
- Intel i7 -720QM.[1.6GHz Turbo Boost 2.8GHz. 6MB Cache.]
- Memory
- 8 DDR 3 RAM. 1066MHZ
- Graphics Card(s)
- ATI 1024 MB. DDR3. Radeon HD5650
- Monitor(s) Displays
- 17.3" High Definition Brightview LCD. LED Backlit.
- Screen Resolution
- 1600 x 900.
- Hard Drives
- 640GB
- Case
- Laptop / notebook.
- Mouse
- Logitech Anywhere mouse. MX.
- Internet Speed
- ADSL [ but too slow ]