Last-minute paper: Caution: level Pegel. The ideal computer infecting scheme. Presented at Virus Bulletin 2010.

by Alexey Kadiev (Kaspersky Lab)


Summary:

Nowadays, when almost every user has an anti-virus solution and knows at least something about Internet security, it is becoming harder for malware writers to infect a victim's computer. By combining an efficient web-based infection scheme built on JavaScript code with the social engineering knowledge of phishers and the techniques of spammers, one can create an ideal infecting scheme. At Kaspersky Lab, we noticed a new massive attack using this scheme in the middle of June 2010, and we have been tracking it since then.

Although other such schemes appeared a year ago, they were not as sophisticated. This is the most important point about the recent Pegel infections.

At the end of 2009, massive infections of legitimate websites with malicious JavaScript code became a serious problem, both for IT specialists and for PC users all over the world. Since 2009, first the Gumblar variants and, some time later, the Pegel versions have used infected web servers for their propagation. This closed-loop concept, used to build the Pegel botnet in combination with the constant addition of new features, proved to be very effective and successful. And today, after more than a year of Pegel's existence, the situation is still getting worse.

Notably, in June 2010 Pegel took the number one position in the top 10 malicious attachments in spam emails tracked by Kaspersky. This presentation contains detailed information about how this type of threat works, showing the whole process from the moment a user receives the malicious email to the moment their computer is infected and becomes a point of distribution for further attacks.