Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

ZDNet Asia and TorrentReactor IFRAME-ed

From: "Dancho Danchev" <dancho.danchev () gmail com>
Date: Tue, 4 Mar 2008 07:52:58 -0800
An in-depth overview of a currently active malware IFRAME campaign,
that's targeting ZDNet Asia and TorrentReactor's search engine
optimization practices of generating, and locally caching the search
queries pages, thereby positioning the now cached popular keywords
with the IFRAME between the first ten to twenty search results, taking
advantage of the sites' high page ranks. The current state of the
exploitation technique used, allows the malicious parties to basically
inject as many, and as diverse keywords, presumebly taking advantage
of today's world events. Sample redirects, lead me to known Russian
Business Network netblocks and ex-customers in the face of rogue
anti-virus and any-spyware applications, as well as fake codecs.

http://ddanchev.blogspot.com/2008/03/zdnet-asia-and-torrentreactor-iframe-ed.html

Regards
-- 
Dancho Danchev
Cyber Threats Analyst/Blogger
http://ddanchev.blogspot.com
http://windowsecurity.com/Dancho_Danchev

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: