WebApp Sec mailing list archives

Re: Give a look at the malicious script


From: Paul Melson <pmelson () gmail com>
Date: Sat, 22 May 2010 07:55:20 -0400

This is off-topic from web application security, so if the list
moderator kills the thread, I will understand.

On Thu, May 20, 2010 at 5:47 PM,  <s34c0d3r () gmail com> wrote:
> For the first time it tried to download Notes1.pdf file.
> The strange thing is that it loaded the notes1.pdf file, but the PDF didn't have any exploit embedded in it.

The site is using the Fragus kit, which is why the first PDF you
received wasn't malicious.  Your download request of the file was
detected by the kit, probably for a missing or incorrect referer or
user-agent header.  This is a common mechanism used by exploit kits to
thwart researchers' attempts to get the exploits that they (the site's
owner) have paid for.

PaulM
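
Added example, not part of the original message: a defender-side check over proxy records that flags URLs whose response body changes with the Referer/User-Agent profile of the request, the header-dependent behaviour described above. The hostnames, record layout, and function names are constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed proxy records (not real traffic): url, Referer, User-Agent, response body.
BROWSER_UA = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
SAMPLE = [
    ("http://kit.example/notes1.pdf", "", "Wget/1.12", b"%PDF decoy"),
    ("http://kit.example/notes1.pdf", "", "Wget/1.12", b"%PDF decoy"),
    ("http://kit.example/notes1.pdf", "http://landing.example/", BROWSER_UA, b"%PDF other"),
    ("http://static.example/logo.png", "", "Wget/1.12", b"PNG same"),
    ("http://static.example/logo.png", "http://static.example/", BROWSER_UA, b"PNG same"),
    ("http://news.example/", "", BROWSER_UA, b"page at 10:00"),
    ("http://news.example/", "", BROWSER_UA, b"page at 10:05"),
]


def profile(referer, user_agent):
    """Reduce a request to the two header traits named in the post."""
    return (bool(referer.strip()), user_agent.lower().startswith("mozilla/"))


def find_header_dependent(records):
    """Return {url: {profile: sha256}} for URLs whose body varies only with headers."""
    seen = defaultdict(lambda: defaultdict(set))
    for url, referer, user_agent, body in records:
        seen[url][profile(referer, user_agent)].add(hashlib.sha256(body).hexdigest())
    findings = {}
    for url, profiles in seen.items():
        # Same profile, different bodies: ordinary dynamic content, not evidence.
        if any(len(digests) > 1 for digests in profiles.values()):
            continue
        per_profile = {p: next(iter(d)) for p, d in profiles.items()}
        if len(set(per_profile.values())) > 1:
            findings[url] = per_profile
    return findings


if __name__ == "__main__":
    for url, per_profile in find_header_dependent(SAMPLE).items():
        print(url)
        for (has_referer, is_browser), digest in sorted(per_profile.items()):
            print(f"  referer={has_referer} browser_ua={is_browser} sha256={digest[:16]}")
```

A URL is reported only when every header profile is internally consistent, so pages that simply change over time are not mistaken for header-dependent serving.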


