Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: what is this?
From: "Robert McArdle" <robertmcardle () gmail com>
Date: Mon, 14 Jan 2008 15:59:25 +0000

Apologies I should clarify.

In this attack legitimate pages on a site are first populated with
html tags embedding Javascript like so

<script language='JavaScript' type='text/javascript' src='{random
name}.js'></script>

these all point to the page you sent on. All the Mp3, quicktime, etc
stuff are expoits that are launched against the browser of the victim
who browses to the site.

The full descriptions of the various exploits are linked off
http://blog.trendmicro.com/e-commerce-sites-invaded/

Robert McArdle
-- 
www.RobertMcArdle.com/blog/ - Techie/Security/Inane Ramblings

On Jan 13, 2008 5:33 PM, crazy frog crazy frog <i.m.crazy.frog () gmail com> wrote:
more,its not a java script,looks like a html page[notice the <html>
and <body> tag n the file] there is also a random function,which
generate the random string which is used to store teh files on c drive
and may be for the random url.its trying to play mp3 and other
files.all looks like messed up.may be there is another script which is
getting embeded in pages which infect calling this script?


On Jan 13, 2008 9:31 PM, crazy frog crazy frog <i.m.crazy.frog () gmail com> wrote:
Hi,

Recently on opening one of my site,my antivirus pops up saying that it
has found on malicious script.the url is random and i have managed to
get tht script.it is using some flaw in apple quick time.
u can get the zip file for java script here:
http://secgeeks.com/what.zip
password is 12345
can somebody guide/help me what is this and how can i remove it?

--
advertise on secgeeks?
http://secgeeks.com/Advertising_on_Secgeeks.com
http://newskicks.com




--
advertise on secgeeks?
http://secgeeks.com/Advertising_on_Secgeeks.com
http://newskicks.com




-- 
www.RobertMcArdle.com/blog/ - Techie/Security/Inane Ramblings

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]