Malicious .biz site and browser vulnerabilities



This from incidents.org as well… A user visited a webpage and got redirected to hxxp://iframebiz.biz/dl/adv443.php (tt changed to xx to protect anyone from getting there…)

Among other things… the page was obfuscated and many malicious bits of software loaded through javascript…. such as hxxp://iframebiz.biz/dl/adv443/sploit.anr and hxxp://iframebiz.biz/dl/loadadv443.exe and hxxp://iframebiz.biz/dl/adv443.hta and some sort of loaderadv443.jar and… http://iframebiz.biz/dl/adv443/x.chm


It looks like a bunch of malicious software trying to exploit a variety of vulnerabilities (old and new). Apparently this isn’t a new way of getting these installed (they found 9 DNS names have been used in the last week) – traffsale.biz iframesite.biz iframetraff.biz toolbartraff.biz buytraff.biz iframecash.biz toolbarurl.biz iframebiz.biz and toolbarbiz.biz all have been used by an machine at 81.9.5.10

They’ve tried contacting the ISP and for fun infected a VMware virtual machine. More than 50 files were pulled down from all over.

Not that Firefox is invincible, but … most exploits in the wild affect unpatched Internet Explorer vulnerabilities which is why I usually recommend Firefox…

Related Posts

Blog Traffic Exchange Related Posts
  • Firefox zero-day vulnerability (or is it?) I saw a comment somewhere else that zero-day was overused and in essense ANY previously unknown vulnerability in open source software is technically zero day... the intent here though is to use the word in this context.... "vulnerability has been released without giving the vendor an opportunity to patch..." Yes,......
  • Windows more secure than Linux? For the last week, I've seen various headlines referring to a report from US-CERT that indicated 2005 had 5,198 security flaws reported. Out of those 2,328 were reported for Linux/Unix, 812 for Windows and 2,058 affecting more than one operating system. Now, I'm seeing all sorts of headlines about how......
  • Sony DRM Rootkit -- it's worse I did this as updates to an earlier post, but it probably deserves it's own post now. The morning brought us the news of SERIOUS flaws in the Uninstaller ActiveX control for Sony's DRM, then came news of ANOTHER flaw, this one a privilige escalation "attacker can take control of......
Blog Traffic Exchange Related Websites
  • How to Install a Home Security System: Most Common Pitfalls Installing a home security system might seem easy. To be sure, it’s a lot easier to install one today than it was just a decade ago. Inexpensive consumer electronics components combined with robust wireless technology means that even an amateur can put in a decent system. Just because it’s easy,......
  • Black Hat // Webcast 28 - HTTP Parameter Pollution Vulnerabilities in Web Applications HTTP Parameter Pollution Vulnerabilities in Web Applications // Marco Balduzzi http://links.covertchannel.blackhat.com/ctt?kn=4&m=36625440&r=ODMwMzU3MTg2MAS2&b=2&j=MTAxNjM3NzA1S0&mt=1&rt=0 ----------------------------------- OVERVIEW: While input validation vulnerabilities such as XSS and SQL injection have been intensively studied, a new class of injection vulnerabilities called HTTP Parameter Pollution (HPP) has not received as much attention. HPP attacks consist of injecting encoded......
  • Why You Need a Good Home Security System There are many unexpected things which can happen these days. The world can seem pretty cruel at times. This is when you want to be able to come home and feel safe. After all, your home is a place where you want to be able to feel your best......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site