funsec mailing list archives

Re: Chinese Internet Security Response Team Website Hosting Malicious Content


From: "Paul Ferguson" <fergdawg () netzero net>
Date: Tue, 2 Oct 2007 19:34:30 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yes, this site is STILL hosting malicious content.

PLEASE USE CAUTION.

- - ferg


- -- "Paul Ferguson" <fergdawg () netzero net> wrote:

Via El Reg.

[snip]

A recent post by the team at the Chinese Internet Security Response Team to
their English-language site indicates that some of the site visitors are
experiencing an attack from the CISRT.org site as a result of an injected
IFRAME tag.

Injected IFRAME tags are not a new means of using legitimate sites to
launch attacks on unsuspecting users, with a recent notable case being the
Bank of India hack. What is different in this case is that the hack is only
being served to seemingly random site visitors.

[snip]

More:
http://www.theregister.co.uk/2007/10/02/chinese_internet_security_response_team_attacked/

Note: I'm wondering if it is still hosting malicious content -- there is a
lot of embedded JavaScript at that site that I just don't have time right
now to examine in more detail. It is my opinion that a CERT/CSIRT webpage
shouldn't be a JavaScript minefield.

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFHAp08q1pz9mNUZTMRAqAVAKC1cWhm4mchNpyradDOGGywtXZOmQCfWLIw
EoODVZJWXazEe+R94YgowGc=
=cTF3
-----END PGP SIGNATURE-----




--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

