Aladdin, the security firm that identified the new variant as JS.Feebs, noted that when the malware is executed by an unwitting recipient, it displays fake loading screens that look like several popular search engines. This is followed by a false error message stating that there was no available connection. The scripts do this to mask their own activities that sometimes include disabling the system's antivirus and other security-related products as well as executing other malicious code.
JS.Feebs usually arrives by email, but it could also exist in websites that would infect visitors upon access, Aladdin warned.
The mutant initiates an "elaborate fraud" attack similar to phishing. Unlike classic phishing, no phishing email or a link to be clicked exists. Rather, the script modifies the HOSTS file found on the compromised target PC.
This file, when modified, can override the default DNS servers, thus allowing users' internet browsers to receive one address and lead to another, leading users to a spoofed site when they try to access eBay. When personal information is entered, the user will be taken to the actual eBay website, completely unaware that the sensitive information just entered was, in fact, stolen. All this time, the eBay web address appears normally, days or even weeks after the original infection took place.
Although the propagation of this new variant may be slow, its infection impact is high, according to Aladdin, as it steals personal information pertaining to regularly used sites.
"We see this new fraud attempt as an illustration of the growing presence of dangerous phishing scams," said Shimon Gruper, vice president of technologies for the Aladdin eSafe Business Unit. "Although web attacks are more difficult to measure than email-related attacks, we expect this JS.Feebs variant to have a significant impact for infected users, as their browser no longer indicates they are visiting a phishing site," he said. "Thus, users are even more likely to provide their personal data, which then lands in the wrong hands."
Copyright © SC Magazine, US edition
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.