Fake VirusTotal site serves malware
VirusTotal – the popular free file checking website – has been spoofed by malware peddlers, warns Kaspersky Lab.
A simple visit to the site triggers the download of a worm via a java applet embedded in the code:
The worm in question is detected by Kaspersky Lab as Worm.MSIL.Arcdoor.ov. It’s aim is to recruit the computer it infected into a botnet that would ultimately be used to perform DDoS attacks, and to communicate to the C&C information about the system (hostname, type and version of the OS, etc.)