AplusWebMaster
2007-03-15, 20:55
FYI...
- http://www.fortiguardcenter.com/advisory/FGA-2007-04.html
2007.March.14 ~ "Blogger.com, one of the most visited blog sites, now owned by Google.com, has been visited by hackers that are posting malicious scripts. The scripts have shown up on hundreds of Blogger.com sites, and in some cases, a possible vector of the Stration mass mailer is responsible for driving traffic to these sites. The malicious code has appeared in many different forms. The first is a “storefront” for Pharmacy Express, which redirects from a Blogspot.com (now Blogger.com) link. Clearly, the Pharmacy Express site is a phishing site, which is designed to derive personal details and financial information from its visitors. The site is able to bypass a few automated malicious Web analysis tools by inserting “Google.com” as a keyword in its HTML search code. Not only this, it uses a basic obfuscation to download a 1x1 pixel image to track the browser information – IP address, browser type and version, etc. While the Pharmacy Express site is hosted in China, the 1x1 pixel image is hosted and registered in the United States..."
(Screenshots available at the URL above.)
:fear: :mad: