SEARCH RESULTS
 
Showing 1-10 of 19 records
 
Expand article

Embedding Malicious IFRAMEs Through Stolen FTP Accounts

The Article has images
2008-03-03 10:14:01 by HASH0x8b0b9bc in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...IFRAMEs, stolen FTP accounts, Fortune 500 companies, Russia. Nothing's wrong with that unless of course you're interested in the whole story and the big picture, which wouldn't be excluding the possibility for having a Fortune 500 company's servers acting as C&Cs for a large botnet. Why are Fortune 500 servers excluded as impossible to get...
 
Tags: ftp accounts, ftp, iframes, malicious iframes, web service, service, ftp account credentials, demand service, data
 
 
 
 
Expand article

Injecting IFRAMEs by Abusing Input Validation

The Article has images
2008-03-07 15:53:50 by HASH0x8bac8b8 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...IFRAMEs at high page rank-ed sites owned by CNET Networks, in fact Symantec's Internet Threat Meter monitor for web activities rated it medium risk , and urged extra caution On March 4, 2008, reports of an IFRAME attack coming from ZDNet Asia began to surface. Attackers appear to have abused the ZDNet search engine's cache by exploiting a...
 
Tags: input validation, input validation checks, plan input validation, input, input validation refers, input validation flaw, iframes, iframe, iframe attack
 
 
 
 
Expand article

Massive IFRAME SEO Poisoning Attack Continuing

The Article has images
2008-03-27 21:12:29 by HASH0x8b4fa7c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...IFRAMES, whose loading state entirely relies on the site's web application security practices - or the lack of What has changed since the last time? The number and importance of the sites has increased, Google is to what looks like filtering the search results despite that the malicious parties may have successfully injected the IFRAMEs...
 
Tags: massive, single massive seo, profile sites, profile sites iframe, attack, seo, malware, malware attack, massive blackhat seo
 
 
 
 
Expand article

Wired.com and History.com Getting RBN-ed

The Article has images
2008-03-10 14:20:33 by HASH0x8aeaaa0 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...IFRAMEs, a complete list of which you can find in this post, several directly hosted within RBN's network the main domain serving the heavily obfuscated VBS malware is located within the Russian Business Network's known netblocks given the high page ranks of the current and the previous targets, it is evident that the malicious parties...
 
Tags: malware, vbs malware, malware attack, rbn, media malware gang, iframe injection attack, iframe injection, malware research, high-profile sites
 
 
 
 
Expand article

Malware Serving Exploits Embedded Sites as Usual

The Article has images
2008-01-09 18:04:58 by HASH0x8957398 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...IFRAMES loading campaigns. qx13.cn/3.htm (61.174.61.94) (IE COM CreateObject Code Execution (MS06-042) which loads sp. 070808.net/23.htm , (75.126.3.218) where the following try to load as well sp.070808.net/in.htm wc.070808.net/37.htm az.sbb22.com/hh.htm um.uuzzvv.com/uu.htm fa.55189.net acc.jqxx.org/40.htm ktv.mm5208.com/25.htm Two other...
 
Tags: htm, load uc147, uc147, loads 8v8, 8v8, load 8v8, iframes, recent realplayer exploit, secondary iframes
 
 
 
 
Expand article

The United Nations Serving Malware

The Article has images
2008-04-23 10:13:00 by HASH0x8b31c98 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...IFRAMES, such as nihaorr1.com/ Real.gif niha orr1.com/ Yahoo.php nihaorr1.com/ cuteqq.htm nihaorr1.com/ Ms07055.htm nihaorr1.com/ Ms07033.htm nihaorr1.com/ Ms07018.htm nihaorr1.com/ Ms07004.htm nihaorr1.com/ Ajax.htm nihaorr1 .com/ Ms06014.htm nihaorr1.com/ Bfyy.htm nihaorr1.com/ Lz.htm nihaorr1.com/ Pps.htm nihaorr1.com/ XunLei.htm and...
 
Tags: malware, attack, malware attack, anti-malware vendor, media malware gang, htm, nihaorr1, load nihaorr1, attack tactic
 
 
 
 
Expand article

More CNET Sites Under IFRAME Attack

The Article has images
2008-03-06 10:50:57 by HASH0x8b1424c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...IFRAMEs, abusing their search engine's local caching, and storing of any keyword feature , in a combination with a loadable IFRAME What has changed for the past 24 hours, despite that the now over 51,900 pages at zdnetasia.com continue to be indexed by search engines? The folks at ZDNet Asia have taken care of the IFRAME issue, so that such...
 
Tags: iframe, cnet sites, sites, iframe-ed pages, pages, cnet, iframe redirects, iframe campaign, campaign
 
 
 
 
Expand article

The Dutch Embassy in Moscow Serving Malware

The Article has images
2008-01-28 16:07:58 by HASH0x8af6a58 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...IFRAMEs Everywhere I See Alive IFRAMEs Everywhere - Part Two Have Your Malware in a Timely Fashion Cached Malware Embedded Sites Compromised Sites Serving Malware and Spam Malware Serving Online Casinos
 
Tags: malware, attack, malware attack, media malware gang, redirector script, script, alive iframes, royal netherlands embassy, alive
 
 
 
 
Expand article

Serving Malware Through Advertising Networks

The Article has images
2008-02-18 10:58:53 by HASH0x8bfe2fc in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...IFRAMEs to funppc.com/cgi-bin/pl/affiliates/referral.cgi?referral=3098 (63.219.176.194 look.fxlayer.net/hop.php (87.98.255.2 hartnetwork.org/cgi-bin/in.cgi?p=1018b (216.246.31.236) - Neosploit malware kit Moreover, two other IFRAMEs within banner.php attempt to load a multitude of exploit serving URLs. xtraff.biz/ads1.htm loads ...
 
Tags: malware, php attempt, php, neosploit malware kit, xtraff, exploit, live exploit urls, urls, htm