Full Disclosure mailing list archives
ZDNet Asia and TorrentReactor IFRAME-ed
From: "Dancho Danchev" <dancho.danchev () gmail com>
Date: Tue, 4 Mar 2008 07:52:58 -0800
An in-depth overview of a currently active malware IFRAME campaign that's targeting ZDNet Asia and TorrentReactor's search engine optimization practices of generating and locally caching the search query pages, thereby positioning the now cached popular keywords with the IFRAME between the first ten to twenty search results, taking advantage of the sites' high page ranks. The current state of the exploitation technique used allows the malicious parties to basically inject as many, and as diverse, keywords, presumably taking advantage of today's world events. Sample redirects lead me to known Russian Business Network netblocks and ex-customers in the face of rogue anti-virus and anti-spyware applications, as well as fake codecs.

http://ddanchev.blogspot.com/2008/03/zdnet-asia-and-torrentreactor-iframe-ed.html

Regards
--
Dancho Danchev
Cyber Threats Analyst/Blogger
http://ddanchev.blogspot.com
http://windowsecurity.com/Dancho_Danchev

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
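A site-owner check for the condition the post describes, as an added example that is not part of the original post: it scans locally cached search-result pages for IFRAME elements that point at hosts outside an allowlist. The allowlist host, page names and sample HTML are constructed, and the example assumes the injected markup reaches the cached page unescaped.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the site itself legitimately frames (assumed value for this example).
ALLOWED_FRAME_HOSTS = {"search.example.com"}

class FrameFinder(HTMLParser):
    """Collects the src of every <iframe> a browser would actually render."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag names, so <IFRAME> is caught as well.
        if tag == "iframe":
            self.sources.append(dict(attrs).get("src") or "")

def foreign_frames(html, allowed=ALLOWED_FRAME_HOSTS):
    """Return iframe src values whose host is not on the allowlist."""
    finder = FrameFinder()
    finder.feed(html)
    finder.close()
    hits = []
    for src in finder.sources:
        host = (urlparse(src).hostname or "").lower()
        # Relative URLs have no host and stay on the site itself.
        if host and host not in allowed:
            hits.append(src)
    return hits

def scan_cache(pages):
    """Map cached page name -> foreign iframe sources, for pages with any."""
    report = {}
    for name, html in pages.items():
        hits = foreign_frames(html)
        if hits:
            report[name] = hits
    return report

# Constructed sample cache: a clean page, a page whose stored query was
# written out unescaped, and one that was HTML-escaped before caching.
SAMPLE_CACHE = {
    "q-laptops.html": '<h1>Results for laptops</h1><iframe src="/ads/box.html"></iframe>',
    "q-news.html": '<h1>Results for news <IFRAME src="//frames.example.net/x"></IFRAME></h1>',
    "q-escaped.html": '<h1>Results for news &lt;iframe src="//frames.example.net/x"&gt;</h1>',
}

if __name__ == "__main__":
    for page, frames in scan_cache(SAMPLE_CACHE).items():
        print(page, frames)
```

Only the unescaped page is reported; the escaped copy renders the markup as text, which is the state a cached query page should be in.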