Bugtraq mailing list archives
Re: what is this?
From: "Robert McArdle" <robertmcardle () gmail com>
Date: Mon, 14 Jan 2008 15:59:25 +0000
Apologies I should clarify. In this attack legitimate pages on a site are first populated with html tags embedding Javascript like so <script language='JavaScript' type='text/javascript' src='{random name}.js'></script> these all point to the page you sent on. All the Mp3, quicktime, etc stuff are expoits that are launched against the browser of the victim who browses to the site. The full descriptions of the various exploits are linked off http://blog.trendmicro.com/e-commerce-sites-invaded/ Robert McArdle -- www.RobertMcArdle.com/blog/ - Techie/Security/Inane Ramblings On Jan 13, 2008 5:33 PM, crazy frog crazy frog <i.m.crazy.frog () gmail com> wrote:
more,its not a java script,looks like a html page[notice the <html> and <body> tag n the file] there is also a random function,which generate the random string which is used to store teh files on c drive and may be for the random url.its trying to play mp3 and other files.all looks like messed up.may be there is another script which is getting embeded in pages which infect calling this script? On Jan 13, 2008 9:31 PM, crazy frog crazy frog <i.m.crazy.frog () gmail com> wrote:Hi, Recently on opening one of my site,my antivirus pops up saying that it has found on malicious script.the url is random and i have managed to get tht script.it is using some flaw in apple quick time. u can get the zip file for java script here: http://secgeeks.com/what.zip password is 12345 can somebody guide/help me what is this and how can i remove it? -- advertise on secgeeks? http://secgeeks.com/Advertising_on_Secgeeks.com http://newskicks.com-- advertise on secgeeks? http://secgeeks.com/Advertising_on_Secgeeks.com http://newskicks.com
-- www.RobertMcArdle.com/blog/ - Techie/Security/Inane Ramblings
Current thread:
- what is this? crazy frog crazy frog (Jan 14)
- Re: what is this? crazy frog crazy frog (Jan 14)
- Re: what is this? Robert McArdle (Jan 14)
- Re: [Full-disclosure] what is this? 3APA3A (Jan 14)
- Re: [Full-disclosure] what is this? Nick FitzGerald (Jan 14)
- Re: [Full-disclosure] what is this? crazy frog crazy frog (Jan 14)
- Re: [Full-disclosure] what is this? Nick FitzGerald (Jan 14)
- Re: what is this? Jose Nazario (Jan 14)
- Re: what is this? crazy frog crazy frog (Jan 14)
- RE: what is this? Mario Contestabile (Jan 14)
- Re[2]: [Full-disclosure] what is this? 3APA3A (Jan 14)
- Message not available
- Re: what is this? Robert McArdle (Jan 14)
- Re: what is this? crazy frog crazy frog (Jan 14)
- Re: what is this? Gadi Evron (Jan 14)
- Re: what is this? Denis (Jan 15)