Fake VirusTotal site serves malware

VirusTotal – the popular free file checking website – has been spoofed by malware peddlers, warns Kaspersky Lab.

A simple visit to the site triggers the download of a worm via a Java applet embedded in the code.

The worm in question is detected by Kaspersky Lab as Worm.MSIL.Arcdoor.ov. Its aim is to recruit the computer it infected into a botnet that would ultimately be used to perform DDoS attacks, and to send information about the system (hostname, type and version of the OS, etc.) to the C&C.

The researcher warns that malware peddlers have lately begun combining the use of malicious JavaScript code and social engineering techniques, since it allows them to infect computers regardless of the browser or operating system used.