<![CDATA[[SecurityRatty] tag: whitehouse]]>

<![CDATA[[SecurityRatty] tag: whitehouse]]> http://securityratty.com/tag/whitehouse Tue, 20 May 2008 22:38:02 +0000 iRatty Engine http://blogs.law.harvard.edu/tech/rss <![CDATA[Links for 2008-06-20 [del.icio.us]]]> http://securityratty.com/article/80b3696bcd994752426b86df5a76d874 http://securityratty.com/article/80b3696bcd994752426b86df5a76d874

]]> Fri, 20 Jun 2008 20:00:00 +0000 pci dss news common event expression logs logs matter information sanford whitehouse disk readers cee documents matters Links for 2008-06-20 [del.icio.us] <![CDATA[The Whitehouse.org Serving Malware]]> http://securityratty.com/article/4f895840b6d5da9c0d894880f418e55c http://securityratty.com/article/4f895840b6d5da9c0d894880f418e55c

The Whitehouse.org a parody site of the original Whitehouse.gov is serving malware. From TrendMicro's blog :

"According to Trend Micro Advanced Threats Researcher David Sancho, whitehouse.org has been compromised to harbor some malicious, obfuscated JavaScript code which “background downloads” code to unsuspecting visitors of the site, where a malicious file is downloaded (which is detected by Trend Micro as TROJ_DELF.GKP ). Of course, the official White House Web site is whitehouse.gov, and although it has been reported that some people believe whitehouse.org is the real deal, even those looking for this site specifically should be forewarned."

The malicious domain embedded within the site ad.ox88.info/13.htm (67.15.212.150) is using Mal/ObfJS-AP/Exploit:HTML/AdoStream to serve the malware, whereas the domain itself is using DNS servers known to provide service to malicious domains from previous malware embedded attacks that I've been assessing.

]]> Tue, 20 May 2008 22:38:02 +0000 whitehouse malware malicious malicious domains original whitehouse org malicious file parody site site The Whitehouse.org Serving Malware