Full Disclosure: More High Profile Sites IFRAME Injected

More High Profile Sites IFRAME Injected

From: "Dancho Danchev" <dancho.danchev () gmail com>
Date: Wed, 12 Mar 2008 06:51:20 -0800

The ongoing monitoring of this campaign reveals that the group is
continuing to expand the campaign, introducing over a hundred new
bogus .info domains acting as traffic redirection points to the
campaigns hardcoded within the secondary redirection point, in this
case radt.info where a new malware variant of Zlob is attempting to
install though an ActiveX object. Sample domains targeted within the
past 48 hours :

lib.ncsu.edu; fulldownloads.us; cso.ie; dblife.cs.wisc.edu;
www-history.mcs.st-andrews.ac.uk; ehawaii.gov; timeanddate.com;
boisestate.edu; aoa.gov; gustavus.edu; archive.org;
gsbapps.stanford.edu; bushtorrent.com; ccie.com; uvm.edu; thehipp.org;
mnsu.edu; camajorityreport.com; medicare.gov; usamriid.army.mil

http://ddanchev.blogspot.com/2008/03/more-high-profile-sites-iframe-injected.html

Regards
-- 
Dancho Danchev
Cyber Threats Analyst/Blogger
http://ddanchev.blogspot.com
http://windowsecurity.com/Dancho_Danchev

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

More High Profile Sites IFRAME Injected Dancho Danchev (Mar 12)
- Re: More High Profile Sites IFRAME Injected worried security (Mar 15)
  - Re: More High Profile Sites IFRAME Injected Razi Shaban (Mar 15)
    - Re: More High Profile Sites IFRAME Injected taneja . security (Mar 15)
  - Re: More High Profile Sites IFRAME Injected Valdis . Kletnieks (Mar 17)
    - Re: More High Profile Sites IFRAME Injected worried security (Mar 18)
    - Re: More High Profile Sites IFRAME Injected Valdis . Kletnieks (Mar 18)
    - Re: More High Profile Sites IFRAME Injected worried security (Mar 18)