Incidents.org is reporting on the defacement of a security-related web site (winsnort.com). They say they usually decline to comment on those because the attention is what the defacers thrive on. However, it does pay to keep your browser updated and antivirus current. What's more…. Several days ago there was the news that the President of Iran now has a blog (which is ironic in many ways given the restrictions they place on internet use….) But… anyway, I figured he is getting his propaganda tool out and ready in advance of the UN showdown over the nuclear program. Well, it turns out that some have noticed an interesting gift from the visit to Mr. Ahmadinejad's site….
According to the post, when visiting the site from Israel and attempting to click on a link, she received a Norton Antivirus warning about an IE exploit attempt. From the screenshots, the IP was 184.108.40.206 and the exploit was tagged as an "HTTP MS IE File DragDrop Embed Code" attack. It did check out to be an Iranian IP address according to her research, and she describes the link as going from www.ahmadinejad.ir to www.khamenei.ir.
I can't seem to confirm any exploit here in the US, however I just may not be lucky. Can anyone outside of Israel corroborate this? Or is this just targeted at Israeli IPs? Or, is there another explanation? Be cautious out there.
Edit— BTW, the IP address above seems to be the www.khamenei.ir site which is “Grand Ayatollah Seyyed Ali Khamenei official website – I.R.R.C.I”. This is one of the links from the site of Ahmadinejad.
Patches for this vulnerability have been out for some time…. MS045-038 is supposed to address the problem.
Some are suggesting that the activity seen was a false positive. Some information on that here. Also there is news that Israeli hackers shut down the site for a time (DoS I suppose).