Results 1 to 3 of 3

Thread: Driveby downloads - archive

  1. #1
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down Driveby downloads - archive

    FYI...

    TorrentReactor.net - drive-by-download - leads to exploit
    - http://blogs.paretologic.com/malware...ds-to-exploit/
    May 10, 2010 - "The popular website torrentreactor .net is home of a drive-by download. I tested it this morning and the exploit is still live, so please be careful... Wepawet report* indicates “Multiple Adobe Reader and Acrobat buffer overflows”... What’s happening is probably a third party advertisement site that promotes on TorrentReactor has been compromised... The malicious PDF is detected by 6/40 vendors on VirusTotal**..."
    * http://wepawet.iseclab.org/view.php?...513777&type=js
    ** http://www.virustotal.com/analisis/8...a1b-1273512771
    File 9E5F92DB78287D690C62AD9DBD6CAA64. received on 2010.05.10 17:32:51 (UTC)
    Result: 6/40 (15.00%)

    - http://ddanchev.blogspot.com/2010/05...crimeware.html
    May 11, 2010 - "...appears to be taking place through a malicioud ad serving exploits using the NeoSploit kit, which ultimately drops a ZeuS crimeware sample hosted within a fast-flux botnet..."

    - http://google.com/safebrowsing/diagn...ntReactor.net/
    "... last time Google visited this site was on 2010-05-15, and the last time suspicious content was found on this site was on 2010-05-13. Malicious software includes 13 trojan(s), 10 exploit(s). Successful infection resulted in an average of 1 new process(es) on the target machine. Malicious software is hosted on 16 domain(s), including netping.dyndns.dk/, endroiturlredirect.com/, burgsiutrehosa.com/. 13 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including fulldls.com/, shtraff.ignorelist.com/, yieldmanager.com/..."

    Last edited by AplusWebMaster; 2010-05-15 at 17:42.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #2
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation QuickTime 0-day vuln ...

    FYI...

    * >> http://forums.spybot.info/showpost.p...66&postcount=7
    QuickTime 7.6.8 released - September 15, 2010
    ___

    QuickTime QTPlugin.ocx input validation vuln...
    - http://secunia.com/advisories/41213/
    Last Update: 2010-09-16
    Criticality level: Highly critical
    Impact: System access
    Where: From remote
    Solution: Update to version 7.6.8*...

    - http://community.websense.com/blogs/...-the-wild.aspx
    07 Sep 2010 - "... Websense... has discovered exploitation of this vulnerability in the wild..."

    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-1818
    Last revised: 09/01/2010
    CVSS v2 Base Score: 9.3 (HIGH)

    - http://securitytracker.com/alerts/2010/Aug/1024376.html
    Aug 31 2010

    - http://www.symantec.com/security_res...atconlearn.jsp
    Aug. 31, 2010 - "... Users may wish to disable the QuickTime plugin until a patch is available; this can be achieved by setting the killbit for the affected control (02BF25D5-8C17-4B23-BC80-D3488ABDDC6B) -or- renaming the plugin (QTPlugin.OCX)..."

    - http://www.theregister.co.uk/2010/08...critical_vuln/
    30 August 2010 - "... exploit... works only against those who have Microsoft's Windows Live Messenger installed..."

    - http://isc.sans.edu/diary.html?storyid=9472
    Last Updated: 2010-08-30 23:24:53 UTC

    Last edited by AplusWebMaster; 2010-09-17 at 18:05.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #3
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down IE 0-day hosted on Amnesty International site

    FYI...

    IE 0-day hosted on Amnesty International site
    - http://community.websense.com/blogs/...2D00_day-.aspx
    10 Nov 2010 - "Websense... has detected that the Hong Kong Website of human rights organization Amnesty International has been compromised by multiple exploits, including the most recent Microsoft Internet Explorer 0-day. In one attack, an iframe has been injected into the index page, resulting in a quiet redirection of any visitor to an exploit server controlled by the cyber criminals... The injected code resides at hxxp: //www .amnesty.org.hk/schi/[removed]ox.html."

    > http://forums.spybot.info/showpost.p...1&postcount=70
    ___

    Drive-By Downloads: Malware's Most Popular Distribution Method
    - http://www.darkreading.com/taxonomy/...e/id/228200810
    Nov 12, 2010

    Last edited by AplusWebMaster; 2010-11-18 at 22:08.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •