Message-ID: <b787ce30803120751u68d87608y898f2b27c0f3221b@mail.gmail.com>
Date: Wed, 12 Mar 2008 06:51:20 -0800
From: "Dancho Danchev" <dancho.danchev@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: More High Profile Sites IFRAME Injected
The ongoing monitoring of this campaign reveals that the group is
continuing to expand the campaign, introducing over a hundred new
bogus .info domains acting as traffic redirection points to the
campaigns hardcoded within the secondary redirection point, in this
case radt.info where a new malware variant of Zlob is attempting to
install through an ActiveX object. Sample domains targeted within the
past 48 hours:
lib.ncsu.edu; fulldownloads.us; cso.ie; dblife.cs.wisc.edu;
www-history.mcs.st-andrews.ac.uk; ehawaii.gov; timeanddate.com;
boisestate.edu; aoa.gov; gustavus.edu; archive.org;
gsbapps.stanford.edu; bushtorrent.com; ccie.com; uvm.edu; thehipp.org;
mnsu.edu; camajorityreport.com; medicare.gov; usamriid.army.mil
http://ddanchev.blogspot.com/2008/03/more-high-profile-sites-iframe-injected.html
Regards
--
Dancho Danchev
Cyber Threats Analyst/Blogger
http://ddanchev.blogspot.com
http://windowsecurity.com/Dancho_Danchev
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/