In collaboration with Taiwan's Investigation Bureau, Armorize Technologies' security analysis team, Armorize Special Forces (ASF™), has discovered that cyber criminal groups have joined the frenzy surrounding the racy photo incident involving Hong Kong celebrity Edison Chen. Using these photos as bait, they are luring people to enter websites containing malicious software, or malware, such as backdoors or Trojan horses, in order to steal personal information.
Working with Taiwan's Investigation Bureau, ASF™ has used the HackAlert™ service for long-term monitoring of websites in Taiwan and China. The team has identified that over 180 websites related to the scandal contain malware. Further analysis shows that most of these websites contain at least one instance of malicious code where detection by antivirus software is not guaranteed. Driven by curiosity, the general public may use search engines or P2P software to access these malicious websites, resulting in loss of personal information. Once visitors enter such websites, their computers will be infected. If a website containing malware can lure thousands of hits a day, one can only imagine the number of people who will be affected.
Working together, ASF™ and the Investigation Bureau have concluded the following:
1. Since the start of the incident, approximately 180 websites containing the photos or related discussion forums have been infected with malware.
2. As of February 18, 2008, 60 websites still contain this malware.
3. Malware (malicious URL injection) is usually undetectable by anti-virus software, and computers can be affected through web-browsing.
4. Websites related to this incident have at least one instance of malware and even up to 40 instances in certain cases. Thus, browsing these websites can be very dangerous.
5. Websites with malware can be classified into two categories:
1) malware implemented in websites during the scandal to lure visitors, and
2) malware implemented into Edison Chen's website and his fan-club's website via hacking. The latter is due to the fact that as there has been a surge in network traffic directed at these sites, they have become ripe targets for cyber criminals.
6. As these sites have experienced an increase in network throughput, the result is an even faster spread of malware.

ASF™ has transferred all relevant data, including pictures and captured malicious scripts, to the Investigation Bureau, and Armorize Technologies held a press conference with the Investigation Bureau on February 19, 2008.