Re: what is this?

["Robert McArdle" <robertmcardle () gmail com>]

Apologies I should clarify.

In this attack legitimate pages on a site are first populated with
html tags embedding Javascript like so

<script language='JavaScript' type='text/javascript' src='{random
name}.js'></script>

these all point to the page you sent on. All the Mp3, quicktime, etc
stuff are expoits that are launched against the browser of the victim
who browses to the site.

The full descriptions of the various exploits are linked off
http://blog.trendmicro.com/e-commerce-sites-invaded/

Robert McArdle
-- 
www.RobertMcArdle.com/blog/ - Techie/Security/Inane Ramblings

On Jan 13, 2008 5:33 PM, crazy frog crazy frog <i.m.crazy.frog () gmail com> wrote:
> more,its not a java script,looks like a html page[notice the <html>
> and <body> tag n the file] there is also a random function,which
> generate the random string which is used to store teh files on c drive
> and may be for the random url.its trying to play mp3 and other
> files.all looks like messed up.may be there is another script which is
> getting embeded in pages which infect calling this script?
>
>
> On Jan 13, 2008 9:31 PM, crazy frog crazy frog <i.m.crazy.frog () gmail com> wrote:
> > Hi,
> >
> > Recently on opening one of my site,my antivirus pops up saying that it
> > has found on malicious script.the url is random and i have managed to
> > get tht script.it is using some flaw in apple quick time.
> > u can get the zip file for java script here:
> > http://secgeeks.com/what.zip
> > password is 12345
> > can somebody guide/help me what is this and how can i remove it?
> >
> > --
> > advertise on secgeeks?
> > http://secgeeks.com/Advertising_on_Secgeeks.com
> > http://newskicks.com
>
>
>
> --
> advertise on secgeeks?
> http://secgeeks.com/Advertising_on_Secgeeks.com
> http://newskicks.com



-- 
www.RobertMcArdle.com/blog/ - Techie/Security/Inane Ramblings