
Thread: Driveby downloads - archive

  1. #1
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Driveby downloads - archive

    FYI...

    TorrentReactor.net - drive-by-download - leads to exploit
    - http://blogs.paretologic.com/malware...ds-to-exploit/
    May 10, 2010 - "The popular website torrentreactor .net is home of a drive-by download. I tested it this morning and the exploit is still live, so please be careful... Wepawet report* indicates “Multiple Adobe Reader and Acrobat buffer overflows”... What’s happening is probably a third party advertisement site that promotes on TorrentReactor has been compromised... The malicious PDF is detected by 6/40 vendors on VirusTotal**..."
    * http://wepawet.iseclab.org/view.php?...513777&type=js
    ** http://www.virustotal.com/analisis/8...a1b-1273512771
    File 9E5F92DB78287D690C62AD9DBD6CAA64. received on 2010.05.10 17:32:51 (UTC)
    Result: 6/40 (15.00%)

    - http://ddanchev.blogspot.com/2010/05...crimeware.html
    May 11, 2010 - "...appears to be taking place through a malicious ad serving exploits using the NeoSploit kit, which ultimately drops a ZeuS crimeware sample hosted within a fast-flux botnet..."

    - http://google.com/safebrowsing/diagn...ntReactor.net/
    "... last time Google visited this site was on 2010-05-15, and the last time suspicious content was found on this site was on 2010-05-13. Malicious software includes 13 trojan(s), 10 exploit(s). Successful infection resulted in an average of 1 new process(es) on the target machine. Malicious software is hosted on 16 domain(s), including netping.dyndns.dk/, endroiturlredirect.com/, burgsiutrehosa.com/. 13 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including fulldls.com/, shtraff.ignorelist.com/, yieldmanager.com/..."

    Last edited by AplusWebMaster; 2010-05-15 at 16:42.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #2
    Adviser Team AplusWebMaster's Avatar

    QuickTime 0-day vuln ...

    FYI...

    * >> http://forums.spybot.info/showpost.p...66&postcount=7
    QuickTime 7.6.8 released - September 15, 2010
    ___

    QuickTime QTPlugin.ocx input validation vuln...
    - http://secunia.com/advisories/41213/
    Last Update: 2010-09-16
    Criticality level: Highly critical
    Impact: System access
    Where: From remote
    Solution: Update to version 7.6.8*...

    - http://community.websense.com/blogs/...-the-wild.aspx
    07 Sep 2010 - "... Websense... has discovered exploitation of this vulnerability in the wild..."

    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-1818
    Last revised: 09/01/2010
    CVSS v2 Base Score: 9.3 (HIGH)

    - http://securitytracker.com/alerts/2010/Aug/1024376.html
    Aug 31 2010

    - http://www.symantec.com/security_res...atconlearn.jsp
    Aug. 31, 2010 - "... Users may wish to disable the QuickTime plugin until a patch is available; this can be achieved by setting the killbit for the affected control (02BF25D5-8C17-4B23-BC80-D3488ABDDC6B) -or- renaming the plugin (QTPlugin.OCX)..."

    - http://www.theregister.co.uk/2010/08...critical_vuln/
    30 August 2010 - "... exploit... works only against those who have Microsoft's Windows Live Messenger installed..."

    - http://isc.sans.edu/diary.html?storyid=9472
    Last Updated: 2010-08-30 23:24:53 UTC

    Last edited by AplusWebMaster; 2010-09-17 at 17:05.
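
The kill-bit workaround quoted from Symantec in post #2, shown as an added example that is not part of the original thread or of any vendor's guidance. The CLSID is the one in the quote; the registry location and the 0x400 value are the standard Internet Explorer ActiveX kill-bit settings, which the page does not state, and the helper names are hypothetical. It assumes an elevated 64-bit PowerShell session.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
$Clsid   = '{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}'  # CLSID quoted in the Symantec excerpt
$KillBit = 0x400                                      # kill-bit value in "Compatibility Flags"
$Base    = 'Microsoft\Internet Explorer\ActiveX Compatibility'

# Native view always; the 32-bit (WOW6432Node) view only exists on 64-bit Windows.
$Roots = @("HKLM:\SOFTWARE\$Base")
if ([Environment]::Is64BitOperatingSystem) { $Roots += "HKLM:\SOFTWARE\WOW6432Node\$Base" }

function Get-CompatFlags([string]$Key) {
    # Returns 0 when the key or the value does not exist yet.
    $p = Get-ItemProperty -LiteralPath $Key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 0 }
    return [int]$p.'Compatibility Flags'
}

function Set-ActiveXKillBit {          # hypothetical helper name
    foreach ($root in $Roots) {
        $key = Join-Path $root $Clsid
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
        # OR the bit in so flags already set on the control are preserved.
        $new = (Get-CompatFlags $key) -bor $KillBit
        New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
            -PropertyType DWord -Value $new -Force | Out-Null
    }
}

function Test-ActiveXKillBit {         # hypothetical helper name
    foreach ($root in $Roots) {
        $key   = Join-Path $root $Clsid
        $flags = Get-CompatFlags $key
        [pscustomobject]@{
            Key        = $key
            Flags      = '0x{0:X8}' -f $flags
            KillBitSet = (($flags -band $KillBit) -ne 0)
        }
    }
}

Set-ActiveXKillBit
Test-ActiveXKillBit | Format-Table -AutoSize
```

Both registry views are written because a 32-bit Internet Explorer on 64-bit Windows reads the WOW6432Node copy; a kill bit set in only one view leaves the other browser bitness able to load the control.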

  3. #3
    Adviser Team AplusWebMaster's Avatar

    IE 0-day hosted on Amnesty International site

    FYI...

    IE 0-day hosted on Amnesty International site
    - http://community.websense.com/blogs/...2D00_day-.aspx
    10 Nov 2010 - "Websense... has detected that the Hong Kong Website of human rights organization Amnesty International has been compromised by multiple exploits, including the most recent Microsoft Internet Explorer 0-day. In one attack, an iframe has been injected into the index page, resulting in a quiet redirection of any visitor to an exploit server controlled by the cyber criminals... The injected code resides at hxxp: //www .amnesty.org.hk/schi/[removed]ox.html."

    > http://forums.spybot.info/showpost.p...1&postcount=70
    ___

    Drive-By Downloads: Malware's Most Popular Distribution Method
    - http://www.darkreading.com/taxonomy/...e/id/228200810
    Nov 12, 2010

    Last edited by AplusWebMaster; 2010-11-18 at 21:08.
