funsec mailing list archives
Syrian Embassy UK Website Hacked
From: "Paul Ferguson" <fergdawg () netzero net>
Date: Wed, 26 Sep 2007 02:39:40 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Via Websense. [snip] The site www.syrianembassy.co.uk contains three unique iframes that direct visitors to malicious Web sites. The iframes use various techniques to evade detection, including Javascript Obfuscation. The iframes point to hosts in the United States, Malaysia, and the Ukraine. The Mpack attack toolkit is hosted on one of these sites and attempts several exploits depending on OS, browser, and plugin versions. The end result is that two Trojan Downloaders are dropped on visitors' computers from two of the iframes. [snip] More: http://www.websense.com/securitylabs/alerts/alert.php?AlertID=806 Note: And yes, it is still compromised at this hour. - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFG+cZlq1pz9mNUZTMRAmYVAKD5jAt4mln+BfuLHjfczq+OBn5mjQCfa1OP ASi7JfNfTQIn3vq3mHQE0/A= =9eP2 -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Syrian Embassy UK Website Hacked Paul Ferguson (Sep 25)