Bollywood Hungama Web Site Compromised
Websense Security Labs(TM) ThreatSeeker(TM) Network has detected that the Web site of Bollywood Hungama (Bollywoodhungama.com) has been compromised and injected with malicious code. The malicious code was identified as part of the Gumblar mass injections, and there are multiple injections at the site's path level. The main page was injected, but the malicious code there has since been removed. A number of pages at the path level, however, still remain injected. The injected code leads to a site that has also been compromised by Gumblar. At this time, the malicious code isn't available or reachable, but this could change at any time.
Bollywood Hungama is a leading entertainment Web site (Alexa rank 1,592). The site provides news related to the Indian film industry, emphasizing Bollywood, film reviews, and box office reports.
Websense® Messaging and Websense Web Security customers are protected against this attack.
Zeus Campaign Targeted Government Departments
Websense Security Labs(TM) ThreatSeeker(TM) Network has discovered a new campaign distributing Zeus (a banking data-stealing Trojan) that is now targeting government departments. Our research shows that the campaign has especially targeted workers from government and military departments in the UK and US: we found that most victims' email addresses end with .gov.
Our ThreatSeeker Network has seen thousands of emails which pretend to be from the National Intelligence Council (see Figure 2). The email subjects include:
"National Intelligence Council"
"RE: National Intelligence Council"
"Report of the National Intelligence Council"
The spoofed emails lure victims into downloading a document about the "2020 project"; this is actually a Zeus bot. The Web sites which host the bot look very trustworthy: one of them is a compromised organization Web site and the other is located on a popular file hosting service. The bot has rootkit capabilities and connects to C&C servers at update*snip*.com and pack*snip*.com to report back on a successful infection and to download some archives with DLLs. It also modifies the hosts file to prevent updates from popular anti-virus vendors.
Websense® Messaging and Websense Web Security customers are protected against this attack. However, the anti-virus detection rate for this bot is currently at 26/40.
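The hosts-file tampering described above leaves a trace that can be checked on an endpoint. The following Python check is an added example, not code from Websense or the original alert: it parses a hosts file and flags entries that pin anti-virus update hostnames to a fixed address. The watchlist suffixes and the sample hosts file are constructed placeholders; substitute the update domains of the products you actually run.

```python
import ipaddress

# Assumed watchlist: placeholder suffixes standing in for the update hosts of
# the anti-virus products deployed in your environment.
WATCHED_SUFFIXES = ("av-vendor.example", "updates.security-vendor.example")

# Constructed sample of a tampered hosts file (not taken from a real infection).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       liveupdate.av-vendor.example   # added by malware
0.0.0.0 download.updates.security-vendor.example www.av-vendor.example
10.1.2.3        intranet.corp.example
203.0.113.7     AV-VENDOR.example.
not-an-ip       broken.av-vendor.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping; skip comments and malformed lines."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def watched(hostname, suffixes=WATCHED_SUFFIXES):
    """True if hostname equals a watched suffix or is a subdomain of one."""
    return any(hostname == s or hostname.endswith("." + s) for s in suffixes)

def find_update_overrides(text, suffixes=WATCHED_SUFFIXES):
    """Return (line_no, name, ip, kind) for each watched name pinned in the hosts file."""
    # Any override is suspicious: these names should normally resolve through DNS.
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if watched(name, suffixes):
            kind = "blackholed" if ip.is_loopback or ip.is_unspecified else "redirected"
            findings.append((line_no, name, str(ip), kind))
    return findings

if __name__ == "__main__":
    for finding in find_update_overrides(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

On Windows the file to read is normally `%SystemRoot%\System32\drivers\etc\hosts`; because the alert says the bot has rootkit capabilities, a clean result from a live, possibly infected system should be confirmed from an offline or out-of-band copy of the file.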