Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Full Disclosure: ZDNet Asia and TorrentReactor IFRAME-ed

ZDNet Asia and TorrentReactor IFRAME-ed

From: Dancho Danchev <dancho.danchev_at_gmail.com>
Date: Tue, 4 Mar 2008 07:52:58 -0800

An in-depth overview of a currently active malware IFRAME campaign,
that's targeting ZDNet Asia and TorrentReactor's search engine
optimization practices of generating, and locally caching the search
queries pages, thereby positioning the now cached popular keywords
with the IFRAME between the first ten to twenty search results, taking
advantage of the sites' high page ranks. The current state of the
exploitation technique used, allows the malicious parties to basically
inject as many, and as diverse keywords, presumebly taking advantage
of today's world events. Sample redirects, lead me to known Russian
Business Network netblocks and ex-customers in the face of rogue
anti-virus and any-spyware applications, as well as fake codecs.

http://ddanchev.blogspot.com/2008/03/zdnet-asia-and-torrentreactor-iframe-ed.html

Regards 

-- 
Dancho Danchev
Cyber Threats Analyst/Blogger
http://ddanchev.blogspot.com
http://windowsecurity.com/Dancho_Danchev
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Mar 04 2008
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]