Advertisement
Home arrow ITsec News arrow Hack Yourself!
Thursday, 28 August 2008
  
 
Last week attacks
O.S.  Defs.  %
Linux  16131  83.52%
Win 2003  2043  10.58%
FreeBSD  600  3.11%
Win 2000  241  1.25%
SolarisSunOS  144  0.75%
Other  154  0.80%

Total attacks: 19313 of which 9056 single ip and 10257 mass defacements

Main Menu
Home
Digital Warfare
Geopolitics
ITsec News
ITsec Advisories
Test Drive
360°
Digital Attacks Archive
Zone-H events
Publications
Zone-H Friends/Partners
Contact Us
Search
Download Area
Zone-H forum
About this website
Login Form





Lost Password?
No account yet? Register
Visitors' Map
Hack Yourself! PDF Print E-mail
User Rating: / 9
PoorBest 
Tuesday, 26 June 2007

SANS Internet Storm Center published a bulletin on Friday that casts a new light on the capabilities of Social Engineering. The report describes a website whose visitors were infected with malware. And here is the problem since according to the author, Mr. Bojan Zdrnja, the site didn't use the nearly universal technique of an iframe, which allows exploit code to be siphoned in from another website .

So what? We are facing a case of pure Social Engineering technique.. and quite an effective one.

As reported by the Internet Storm Center, “ When visited, the web page in question (a game site related to RuneScape) shows couple of broken icons and all links just point to another web page that conveniently inform the user that his version of Macromedia Flash Player needs to be updated. After this notice, the user is redirected to a web site hosting a complete replica of the Shockwave Player Download Center”.

See the screen shot in the image below:

In the copy of Adobe’s website the attacker added the Java Script:

 

“var message="";
///////////////////////////////////


function clickIE() {if (document.all) {(message);return false;}}


function clickNS(e) {if

(document.layers||(document.getElementById&&!document.all)) {


if (e.which==2||e.which==3) {(message);return false;}}}


if (document.layers)


{document.captureEvents(Event.MOUSEDOWN);document.onmousedown=clickNS;}


else{document.onmouseup=clickNS;document.oncontextmenu=clickIE;}

 

document.oncontextmenu=new Function("return false")”

  

The downloaded malware contains a full installer that, when tested on VirusTotal, had very low detection.

  Actually, the fake website is quite easy to reckon, but careless users could easily be tricked. 

 


Comments Index (Total Messages: 1)
mm? Written by Guest on 2007-06-27 04:55:08

Powered by a Zone-H(ified) version of AkoComment 3.0!


DISCLAIMER: Forum postings are the opinion of the posting author alone, and should not be taken as the opinion of Zone-h. The   author is entirely and solely responsible for all content that he/she uploads, posts, or otherwise transmits via the website. Zone-h is not responsible for such content. However, Zone-h shall have the right, but not the obligation, to delete, move, or edit any content that violates this agreement or is otherwise objectionable as determined by Zone-h in its sole discretion and without notice.
 
< Prev   Next >
[ Back ]
Advertisement
 
Top!
© 2008 Zone-H.org
Joomla! is Free Software released under the GNU/GPL License.
 Top!