Security researchers at Trend Micro have spotted a Russian server loaded with more than 400 different pieces of malware that may be poised to launch a large-scale attack through malicious Web sites hosted in Italy.
Chenghuai Lu, a senior threat analyst at the Tokyo-based antivirus vendor, recently uncovered a site with several hundred malicious programs and traced the site's server to a Russian IP address. Among the harbored malware were examples of three Trojan families: Dropper.cko, Clicker.qu and Polycrypt.g. All three clans typically hijack Internet Explorer on compromised PCs and direct users to adult Web sites.
"Looking at these massive samples of malware, we can't help to think that there's something brewing in Russia," said Carolyn Guevarra, a third researcher at Trend Micro, on the team's blog Wednesday. "We have just seen these cybercriminals pull the 'Italian Job' recently," she added. "Are we now seeing a 'Russian Uprising' coming our way?"
Guevarra's Italian comment refers to a large-scale attack about six weeks ago that involved more than 10,000 hacked sites hosted in that country. Those attacks were guided by Mpack, a multistrike exploit tool kit that hackers had deployed on one or more servers; the compromised sites secretly directed users to an Mpack-equipped server, which then tried a number of exploits on the PC.
Trend Micro has blocked the malicious Web sites for its customers and is working to develop more information on the possible attack plot. "More details soon," Guevarra promised.