[Full-disclosure] ZDNet Asia and TorrentReactor IFRAME-ed
dancho.danchev at gmail.com
Tue Mar 4 15:52:58 GMT 2008
An in-depth overview of a currently active malware IFRAME campaign,
that's targeting ZDNet Asia and TorrentReactor's search engine
optimization practices of generating, and locally caching the search
queries pages, thereby positioning the now cached popular keywords
with the IFRAME between the first ten to twenty search results, taking
advantage of the sites' high page ranks. The current state of the
exploitation technique used, allows the malicious parties to basically
inject as many, and as diverse keywords, presumebly taking advantage
of today's world events. Sample redirects, lead me to known Russian
Business Network netblocks and ex-customers in the face of rogue
anti-virus and any-spyware applications, as well as fake codecs.
Cyber Threats Analyst/Blogger
Full-Disclosure is hosted and sponsored by Secunia.