Message-ID: <997ef2c20805180628n5aed220agef8c9b3ea734487a@mail.gmail.com>
Date: Sun, 18 May 2008 08:28:53 -0500
From: "Nate McFeters" <nate.mcfeters@...il.com>
To: "Stuart Dunkeld" <stuartd@...il.com>
Cc: full-disclosure@...ts.grok.org.uk,
Dancho Danchev <dancho.danchev@...il.com>
Subject: Re: Redmond Magazine SQL Injected by Chinese Hacktivists

So far from what I've read I've only heard talk of this as SQL
injection to update tables and put in these malicious links, but I've
heard no talk of data exfiltration... Has anyone heard about data
being stolen as a result of this widespread attack?
Nate
On 5/17/08, Stuart Dunkeld <stuartd@...il.com> wrote:
> Funnily enough, I noticed this yesterday when looking for some info on
> Virtual Server. Google has ~ 45,000 hits for wowyeye.cn/m.js but only
> a small minority are marked as malicious sites..
>
> Other pages on redmondmag.com - for example
> http://redmondmag.com/columns/article.asp?EditorialsID=1166&page=3 -
> reference www.qiqigm.com which is currently alive and attempting MDAC
> and RealPlayer exploits
>
> -- stuart
>
> On Fri, May 16, 2008 at 11:29 PM, Dancho Danchev
> <dancho.danchev@...il.com> wrote:
>> Hello,
>>
>> It appears that Redmond - The Independent Voice of the Microsoft IT
>> Community, formerly known as Microsoft Certified Professional Magazine
>> is currently flagged as a badware site, and third-party exploit
>> detection tools are also detecting internal pages as exploit hosting
>> ones, in this particular case Mal/Badsrc-A. Redmond Developer News and
>> Redmond Channel Partner Online are also affected.
>>
>> An analysis is available at :
>>
>> http://blogs.zdnet.com/security/?p=1118
>>
>> Regards
>> --
>> Dancho Danchev
>> Cyber Threats Analyst/Blogger
>> http://ddanchev.blogspot.com
>> http://windowsecurity.com/Dancho_Danchev
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>