Incidents.org is reporting on the defacement of a security related web site (winsnort.com). They say they usually decline to comment on those because the attention is what the defacers thrive on. However, it does pay to keep your browser updated and antivirus current. What’s more…. Several days ago there was the news that the President of Iran now has a blog (which is ironic in many ways given the restrictions they place on internet use….) But… anyway, I figured he is getting his propaganda tool our and ready in advance of the UN showdown over the nuclear program. Well, it turns out that some have noticed an interesting gift from the visit to Mr. Ahmadinejad’s site….
According to the post, if visiting the site from Israel and attempting to click on a link she received a Norton Antivirus warning about an IE exploit attempt. From the screenshots the ip was 220.127.116.11 and the exploit was tagged as “HTTP MS IE File DragDrop Embed Code” attack. It did check out to be an Iranian IP address according to her research and the link she describes as being from the www.ahmadinejad.ir to www.khamenei.ir
I can’t seem to confirm any exploit here in the US, however I just may not be lucky. Can anyone outside of Israel corroborate this? Or is this just targetted at Israeli IP’s? Or, is there another explanation? Be cautious out there.
Edit— BTW, the IP address above seems to be the www.khamenei.ir site which is “Grand Ayatollah Seyyed Ali Khamenei official website – I.R.R.C.I”. This is one of the links from the site of Ahmadinejad.
Patches for this vulnerability have been out for some time…. MS045-038 is supposed to address the problem.
Some are suggesting that the activity seen was a false positive. Some information on that here. Also there is news that Israeli hackers shut down the site for a time (DoS I suppose).
Related PostsRelated Posts
- Zotob update There was an update at Incidents.org on the Zotob worm and specifically an advisory related to Cisco products. From their site.... **snipped from NISCC** "Affected Products ================= If the software versions or configuration information are provided, then only those combinations are vulnerable. This is a list of appliance software that......
- Identity theft So, you don't click on "phishy" links, keep your pc free from spyware, only bank at secure websites, do all the good things a cautious computer user is supposed to do to keep from having your identity stolen. Your safe right? Not entirely. I just found this in the Security......
- Update on the Internet Explorer VML vulnerability Just catching up on the days VML vulnerability news from today.... It looks as though... the exploit is now MUCH more widespread this blog has some video of an infection, what's notable is that the first take was VERY UNEVENTFUL, it was used to stealthily install a keylogger. (So that......
- How Can You Improve Your Website's Google Authority? This is a guest post! If you want to write for us, check out the Guest Post section. What does it mean when someone says my site needs authority on Google to be listed higher? If you’re with an SEO company, or have an SEO individual looking after your site’s......
- Reciprocal Link Building - Double The Web Traffic To Your Site Reciprocal Link Building - Double The Web Traffic To Your Site Reciprocal reciprocal link building is one of the best ways to attract a substantial amount of web traffic to your site. In this process, you have to exchange link with another high traffic website. You start the process by......
- Effective Ways to Get Traffic to Affiliate Sites Traffic is one of the most difficult things to get as an affiliate. How do you get it without wasting your money and how do you get traffic that actually converts into sales or leads? One thing is absolutely clear to any affiliate who gets started promoting products: itâs virtually......
- WMF exploit testing on Windows 98
- Windows 98 and WMF exploit posts
- Virus Warning – Email Subjects – IRS Notice – Important Information from the IRS
- Hexblog (WMF unofficial patch) back up
- More testing on the second WMF exploit