Bicololo malware spreading via 404 Error targeting Russians
Feb 05, 2013
A Trojan that attacks Russian Internet users using a new trick to spread itself. Known as " Bicololo " was first discovered in October 2012 and specially designed to steal login credentials from users. For this, the malware modify the system Hosts file (i.e etc/hosts) to host perfect phishing sites via DNS poisoning to collect social networking and email credentials. In a recent post from Avast antivirus, Bicololo continued to evolve and spread even further. Because it is difficult for a user to determine that he is redirected to a phishing site the attack going smoothly. In Oct, They found that all these phishing sites were resolving via servers located at 69.197.136.99, 94.249.188.224 and 178.63.214.97, 94.249.189.21 , which originally were hosted on afraid.org servers. But now this malware spreading via standard 404 Error webpage error of hacked sites. The most frequent phishing clones of vk.com , odnoklassniki.ru and mail.ru like popular sites