Date: Thu, 6 Mar 2008 08:12:54 -0800
From: "Dancho Danchev" <dancho.danchev@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: More CNET Sites Under IFRAME Attack

With the recent IFRAME injection attack targeting ZDNet Asia, by
abusing the site's search engine caching capabilities in combination
with the lack of input sanitization, several more CNET Networks' web
properties besides ZDNet Asia, namely, TV.com, News.com and
MySimon.com are currently getting targeted using the same technique to
inject the IFRAMEs and have the sites cache and locally host the
results. The following assessment outlines the IPs and domains used
in the IFRAMEs, the domains and IPs hosting the rogue anti-virus and
anti-spyware applications, as well as the detection rates of the
applications.

http://ddanchev.blogspot.com/2008/03/more-cnet-sites-under-iframe-attack.html

Regards
-- 
Dancho Danchev
Cyber Threats Analyst/Blogger
http://ddanchev.blogspot.com
http://windowsecurity.com/Dancho_Danchev

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
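
A defender's view of the flaw the message describes, as an added example that is not part of the original post or any CNET code: a search page that stores terms and echoes them back unsanitized, next to the output-encoded form and an audit pass over the stored terms. The cache layout, function names and the `placeholder.invalid` host are assumptions made for illustration.

```python
import html
import re

# Constructed sample: search terms as a site might store them for its
# cached search-result pages. The structure is an assumption.
CACHED_QUERIES = [
    "digital camera reviews",
    'laptop deals"><iframe src="//placeholder.invalid/"></iframe>',
    "LAPTOP <IFRAME\nsrc=//placeholder.invalid/>",
    "c++ <vector> tutorial",
]

# Element names that have no business appearing in a stored search term.
ACTIVE_MARKUP = re.compile(
    r"<\s*/?\s*(iframe|script|object|embed|frame)\b", re.IGNORECASE
)


def render_unsafe(query):
    """The flaw: the stored term is echoed into the page as-is."""
    return '<h1>Results for "' + query + '"</h1>'


def render_safe(query):
    """Encode on output so the term is shown as text, never parsed as markup."""
    return '<h1>Results for "' + html.escape(query, quote=True) + '"</h1>'


def audit_cache(queries):
    """Return the stored terms that contain active markup and need purging."""
    return [q for q in queries if ACTIVE_MARKUP.search(q)]


def contains_live_iframe(page):
    """True if the rendered page would contain an actual iframe element."""
    return bool(re.search(r"<\s*iframe\b", page, re.IGNORECASE))


if __name__ == "__main__":
    for q in audit_cache(CACHED_QUERIES):
        print("purge cached entry:", repr(q))
```

Encoding at render time neutralises entries already in the cache; the audit pass identifies which cached pages to purge and re-generate.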
