More info on the recently discovered MSN threat

Jan 7, 2008 19:31 GMT

A few days ago, everybody started talking about a new backdoor that targets MSN accounts and attempts to steal usernames and passwords stored on an affected system. Today, Roel of Viruslist.com published a closer analysis of the threat, revealing that it was created by someone from the Netherlands. "Firstly all the functions have Dutch names. This is extremely rare and clearly indicates that the author is Dutch", Roel writes. In the last few months, we've seen an increasing number of threats coming from the Netherlands, whether we're talking about spam, Trojan horses or any other type of malware.

More interestingly, the MSN infection is related to a Dutch social networking service, where certain profiles are apparently equipped with some sort of dangerous URL. "All the profiles that the malware links to were created in the last week. The first question is what are these profiles actually for? The answer's easy; they all contain a very slightly obfuscated URL", Roel continued.

"The backdoor looks through the page and parses the URL between 'IMG_URL_ST' and 'IMG_URL_END'. The URL is actually the location of the web-based Command & Control server to which the backdoor reports and receives commands."
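For defenders, the two marker strings quoted above are a usable content indicator. The following sketch is an added example, not code from the Viruslist analysis: it scans saved page bodies (for instance from a web proxy capture) for the marker pair and reports the raw embedded value. The sample pages, file names and the payload string are constructed, and the actual obfuscation used by the malware is not described on this page, so the value is reported as found.

```python
import re

# Marker strings as quoted in the analysis; everything else is assumed.
START, END = "IMG_URL_ST", "IMG_URL_END"
PAIR = re.compile(re.escape(START) + r"(.*?)" + re.escape(END), re.DOTALL)

# Constructed sample input: three saved profile pages (names and contents
# are made up; the payload is a defanged placeholder, not a real indicator).
SAMPLE_PAGES = {
    "profile_a.html": '<div class="about">hi IMG_URL_ST '
                      'hxxp://c2.example[.]invalid/gate IMG_URL_END</div>',
    "profile_b.html": "<p>Just a normal profile with a photo.</p>",
    "profile_c.html": "<p>IMG_URL_ST truncated page",
}


def scan_page(source, body):
    """Return one finding per marker pair, plus one for an unpaired start."""
    findings = []
    last_end = 0
    for m in PAIR.finditer(body):
        findings.append({
            "source": source,
            "offset": m.start(),
            # Raw value between the markers; still obfuscated, never fetched.
            "payload": m.group(1).strip(),
            "complete": True,
        })
        last_end = m.end()
    # A start marker with no closing marker (truncated capture, edited
    # profile) is still worth an analyst's attention.
    tail = body.find(START, last_end)
    if tail != -1:
        findings.append({"source": source, "offset": tail,
                         "payload": None, "complete": False})
    return findings


def scan_all(pages):
    """Scan every page in name order and flatten the findings."""
    return [f for name in sorted(pages) for f in scan_page(name, pages[name])]


if __name__ == "__main__":
    for finding in scan_all(SAMPLE_PAGES):
        print(finding)
```

Any hit on a user-generated profile page is worth correlating with which internal hosts requested that page, since legitimate content has no reason to carry these markers.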

Social networking services have always represented one of the simplest ways to find and attack vulnerable targets because they are incredibly popular all over the world. Just look at Facebook, the social network that has grown a lot in the last months; its representatives said, at the time of signing the partnership with Microsoft, that approximately 200,000 new users create accounts every day.

In this context, an attack launched on such a popular service has the potential to claim lots of victims and gather impressive amounts of private information. That's why you're always advised to protect your computer with powerful security software and apply the latest patches and fixes to correct vulnerabilities.