Full Disclosure mailing list archives
Re: CVE-2010-0249 in the wild
From: Marc Maiffret <marc () marcmaiffret com>
Date: Fri, 22 Jan 2010 19:57:58 -0800
And one has to wonder what exactly it means, if anything, that some of the exploits involved are dropping malware that installs and manipulates your web browsing experience to be geared towards Sogou.com, a distasteful Google knockoff in China. More than that, though, they even install Sogou Explorer, which appears to be a Google Chrome-like, but yet again clunky, knockoff. So is it attackers that just happen to really love Sogou and want to share it with the world? Criminals doing it to make money off of Sogou browser install referral programs? (If they have such a thing.) A Chinese company looking to expand its market share through hacking? And if so, is there government support for such a program? And if so again, then how does Baidu feel about that? Or something else entirely, making this a completely moot point to begin with? Inquiring minds want to know...

It is funny to me, the hax0r cool biological warfare (since people love to compare the two, bleh) aspect of these attacks originating, supposedly, from a country whose population is more susceptible to compromise than that of the target. That is, of course, at least more easily susceptible given the prevalence and reliability of IE 6 exploits vs. other IE versions, with China having an estimated 60%[1] of browsers on IE6 vs. 12% in the U.S. Not to imply further as to a country being the culprit. In that vein though, you do have to find the irony that, unlike physical warfare, where a dropped bomb is a dead bomb, here in cyberspace you can drop a bomb that can then be tossed back at you more effectively than your original.

Signed,
Marc Maiffret
Chief Security Architect
FireEye, Inc.
http://www.FireEye.com

[1] - http://gs.statcounter.com/#browser_version-CN-daily-20080701-20100119-bar

On Fri, Jan 22, 2010 at 2:41 PM, exploit dev <extraexploit () gmail com> wrote:
Hi to all, I have just updated the list of URLs that are spreading stuff through cve-2010-0249. If you are interested, check:
http://extraexploit.blogspot.com/2010/01/cve-2010-0249-in-wild-xx2228866org-and.html

--
http://extraexploit.blogspot.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- CVE-2010-0249 in the wild exploit dev (Jan 20)
- Re: CVE-2010-0249 in the wild exploit dev (Jan 22)
- Re: CVE-2010-0249 in the wild Marc Maiffret (Jan 22)
- Re: CVE-2010-0249 in the wild exploit dev (Jan 22)
- Re: CVE-2010-0249 in the wild Marc Maiffret (Jan 22)
- Re: CVE-2010-0249 in the wild exploit dev (Jan 22)