| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <b787ce30803271942i77fc127fu379159bbeb397f20@mail.gmail.com> Date: Thu, 27 Mar 2008 18:42:02 -0800 From: "Dancho Danchev" <dancho.danchev@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Massive IFRAME SEO Poisoning Attack Continuing Following last week's, massive SEO poisoning combined with IFRAME injections due to input validation flaws at sites with high pageranks, these are the very latest high profile sites successfully injected with IFRAMES forwarding to the rogue security software and Zlob malware variants like the one in the previous campaigns are : USAToday.com, ABCNews.com, News.com, Target.com, Packard Bell.com, Walmart.com, Rediff.com, MiamiHerald.com, Bloomingdales.com, PatentStorm.us, WebShots.com, Sears.com, Forbes.com, Ugo.com, Bartleby.com, Linkedwords.com, Circuitcity.com, Allwords.com, Blogdigger.com, Epinions.com, Buyersindex.com, Jcpenney.com, Nakido.com, Uvm.edu, hobbes.nmsu.edu, jurist.law.pitt.edu, boisestate.edu And this is the latest assessment of the situation in terms of the malware served and the domains/IPs involved : http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html Regards -- Dancho Danchev Cyber Threats Analyst/Blogger http://ddanchev.blogspot.com http://windowsecurity.com/Dancho_Danchev _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists