Advertisement
Home
Saturday, 22 November 2008
  
 
Last week attacks
O.S.  Defs.  %
Linux  8778  71.58%
Win 2003  1950  15.90%
Win 2000  722  5.89%
Solaris 9/10  402  3.28%
FreeBSD  226  1.84%
Other  185  1.51%

Total attacks: 12263 of which 4619 single ip and 7644 mass defacements

Polls
Should Zone-H continue mirroring defacements? (floods will be purged)
 
Main Menu
Home
Digital Warfare
Geopolitics
ITsec News
ITsec Advisories
Test Drive
360°
Digital Attacks Archive
Zone-H events
Publications
Zone-H Friends/Partners
Contact Us
Search
Download Area
Zone-H forum
About this website
Login Form





Lost Password?
No account yet? Register
ZONE-H In Numbers
 News: 14559
 Advisories: 11
 Managers: 1
 Administrators: 1
 Super Administrators: 3
 Operators: 3
 Registered Users: 38290
 Downloadable Files: 3888
 Digital Attacks: 2981160
 Attacks On Hold: 3064
 Online Users: 80
Syndicate
Visitors' Map
Highlight on most recent attacks
jiefanglu.gov.cn/zkn.txt by ZoRRoKiN       ytjj.gov.cn/zkn.txt by ZoRRoKiN       bislig.gov.ph by Ashiyane Digital Security Team       prefeiturajoseraydan.com.br by Fatal Error       semag.taquarussu.ms.gov.br by Fatal Error       pmsaltodolontra.com.br by Fatal Error       cmirituia.com.br by Fatal Error       pmriobrancodoivai.com.br by Fatal Error       prefeituraborrazopolis.com.br by Fatal Error       pmcurionopolis.com.br by Fatal Error       
Latest advisories
Latest on Digital Warfare
Latest on Geopolitics
Hack Yourself! PDF Print E-mail
User Rating: / 9
PoorBest 
Tuesday, 26 June 2007

SANS Internet Storm Center published a bulletin on Friday that casts a new light on the capabilities of Social Engineering. The report describes a website whose visitors were infected with malware. And here is the problem since according to the author, Mr. Bojan Zdrnja, the site didn't use the nearly universal technique of an iframe, which allows exploit code to be siphoned in from another website .

So what? We are facing a case of pure Social Engineering technique.. and quite an effective one.

As reported by the Internet Storm Center, “ When visited, the web page in question (a game site related to RuneScape) shows couple of broken icons and all links just point to another web page that conveniently inform the user that his version of Macromedia Flash Player needs to be updated. After this notice, the user is redirected to a web site hosting a complete replica of the Shockwave Player Download Center”.

See the screen shot in the image below:

In the copy of Adobe’s website the attacker added the Java Script:

 

“var message="";
///////////////////////////////////


function clickIE() {if (document.all) {(message);return false;}}


function clickNS(e) {if

(document.layers||(document.getElementById&&!document.all)) {


if (e.which==2||e.which==3) {(message);return false;}}}


if (document.layers)


{document.captureEvents(Event.MOUSEDOWN);document.onmousedown=clickNS;}


else{document.onmouseup=clickNS;document.oncontextmenu=clickIE;}

 

document.oncontextmenu=new Function("return false")”

  

The downloaded malware contains a full installer that, when tested on VirusTotal, had very low detection.

  Actually, the fake website is quite easy to reckon, but careless users could easily be tricked. 

 


Comments Index (Total Messages: 1)
mm? Written by Guest on 2007-06-27 04:55:08

Powered by a Zone-H(ified) version of AkoComment 3.0!


DISCLAIMER: Forum postings are the opinion of the posting author alone, and should not be taken as the opinion of Zone-h. The   author is entirely and solely responsible for all content that he/she uploads, posts, or otherwise transmits via the website. Zone-h is not responsible for such content. However, Zone-h shall have the right, but not the obligation, to delete, move, or edit any content that violates this agreement or is otherwise objectionable as determined by Zone-h in its sole discretion and without notice.
 
< Prev   Next >
[ Back ]
Advertisement
 
Top!
© 2008 Zone-H.org - Unrestricted Information
Joomla! is Free Software released under the GNU/GPL License.
 Top!