Last month the World Wide Web was subjected to one of the heaviest attacks since it first came into existence. Thousands of legitimate websites were attacked by the Trojan horses JS:Redirector-H and JS:Redirector-J, the aim of which was to infect millions of unsuspecting users. avast! was the first antivirus program to detect the infection right at the start, and all users of avast! were protected throughout the duration of the attack. Now, more than a month after the attack was first detected, it is possible to assess it.
The timeline of the attack can be divided into three phases:
The following graph presents the number of visits to infected websites. All of these access attempts were blocked, so users were protected from large-scale infection. The highest number of these attempts was recorded on 14.5.2009 - more than 600,000 visits to infected websites.
The number of hits presented in the previous chart is enormous, but it reveals nothing about the number of infected domains. For this reason I present a second graph below. It shows the progress of the infection in terms of domains - the number of newly infected domains per day (counting only the first occurrence of the infection for each domain).
Finally, the total numbers (from 28.4.2009 to 31.5.2009):