Tag: exploit

Iframe Alias(dot)jjbworks(dot)com Mass Infection

Another hidden and malicious iframe is spreading by infecting websites: The iframe code is added before the BODY tag of the HTML page and is obfuscated: The extracted malicious link is: hxxp://alias .jjbworks .com/analytics.php Details about the malicious domain: Website: alias .jjbworks .com Domain Hash: 2f8f518cb5d452fca78b8c1...

Iframe Bigdeal777(dot)com Mass Infection

Internal honeypots have reported many websites infected with a hidden, malicious iframe that is added at the end of the HTML tag or before the BODY tag of the page. The malicious iframe looks like this: Download the iframe code (pass is novirusthanks.org): iframe.zip / 1 KB Here is a small […]

Preventsweating.com infected by Incognito Exploit Kit

Our honeypot has logged an infected website: hxxp://www.preventsweating .com The malicious JavaScript code is at the end of the page: Download dumped content (pass is novirusthanks.org): exploit.zip / 1 KB We have analyzed the infected website with our sandbox and we can see from the network traffic that the obfuscated javascrip...

Karn!v0r3x v1.0 Exploit Kit

There is a new exploit kit in the wild, this time named Karn!v0r3x v1.0: Html code of the login page: <html> <head> <title>Karn!v0r3x v1.0 [Inicio]| Malandrines .n3t</title> <script language="JavaScript" src="files/fallt.js"></script> <style> body{background:black;col...

Blackhole Exploit Kit Served With Google Images Links

While searching images on Google Images, we noted a suspicious redirect: hxxp://epnfmackey. info/index.php?tp=81350e0ebb536599 It looks like the Blackhole Exploit Kit URL format! Malicious code can be found by analyzing the page source: The main redirect was created by this malicious URL: hxxp://www.buy-itraconazole. info/noob-t...

0-Day Exploit for all Windows Systems CVE-2010-0232

Tavis Ormandy recently published an interesting vulnerability that affects all 32-bit x86 versions of Windows NT (x64 systems are not affected) released from 27 Jul 1993 to 2009, including the latest Windows Seven. The vulnerability lets local users obtain elevated privileges on the target system, by exploiting a flaw i...

Website with hidden iframe and Malware Analysis

All began this morning (16/10/2008) at 13:00am, I checked the HTML code of index.php and I saw something suspicious inside. Our index.php and 4 other .php pages were infected with an iframe from 11:00am to 13:00am, and fortunately we analyze the code of our site every 2/3 hours, and immediately removed the infected code. I […]