|
|
|
|||||||
| Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
| News - Security Threats & Alerts This thread focuses on Malawares, Malicious Website, Trojan horse and other threats and alerts in circulation |
 |
|
|
Thread Tools | Rate Thread | Display Modes |
|
#1
04-03-07, 12:50 PM
|
||||
|
||||
|
WSLabs, Malicious Website / Malicious Code: Email Lures for ANI Zero-Day
WSLabs, Malicious Website / Malicious Code: Email Lures for ANI Zero-Day Inbox
Websense Security Labs <DoNotReply@websensesecuritylabs.com> to me show details 8:16 am (1½ hours ago) Websense Security Labs(TM) has discovered a large email spam run that includes links to sites that are hosting ANI exploit code. Users receive an email with the subject line "Hot Pictures of Britiney Speers" that is written in HTML and has anti-spam avoidance text within the HTML comments. Users who click on the links are redirected to one of several websites that we are tracking. The sites contain obfuscated JavaScript. The decoded JavaScript sends all users to the same website, which is hosting the exploit code. When users connect, a file is downloaded and installed without any end-user interaction. The file is called 200.exe with the MD5 of b017cae51e4498c309690b8936f2fa79. The binary file appears to be a new variant of a file infector with operating system hooks and spamming capabilities. A more complete analysis will soon appear on our blog. The main server that hosts the exploit code is hosted in Russia and has been used by groups that have installed rootkits, password stealing Trojans, and other nefarious code in the past. For additional details and information on how to detect and prevent this type of attack: http://www.websensesecuritylabs.com/...hp?AlertID=764
__________________
|
Linear Mode
