WebApp Sec mailing list archives
Re: Give a look at the malicious script
From: Paul Melson <pmelson () gmail com>
Date: Sat, 22 May 2010 07:55:20 -0400
This is off-topic from web application security, so if the list moderator kills the thread, I will understand. On Thu, May 20, 2010 at 5:47 PM, <s34c0d3r () gmail com> wrote:
For the First Time it tried to download Notes1.pdf file. the strange thing is that it loaded the notes1.pdf file, but the pdf didn't had any exploit embedded in it. .
The site is using the Fragus kit, which is why the first PDF you received wasn't malicious. Your download request of the file was detected by the kit, probably for a missing or incorrect referer or user-agent header. This is a common mechanism used by exploit kits to thwart researchers' attempts to get the exploits that they (the site's owner) have paid for. PaulM This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- Give a look at the malicious script s34c0d3r (May 21)
- Re: Give a look at the malicious script Paul Melson (May 22)