Difference between revisions of "New Chinese exploit pack"
Revision as of 15:43, 16 August 2012
New Chinese exploit pack | |
---|---|
Botnet | |
Malware | |
Botnet/malware group | |
Exploit kits | KaiXin |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / 02 August 2012 |
Editor/Conference | Kahu Security |
Link | http://www.kahusecurity.com/2012/new-chinese-exploit-pack/ www.dahusecurity.com (www.dahusecurity.com Archive copy) |
Author | Darryl |
Type |
Abstract
“A Korean news site was recently observed distributing malware. I thought it would be an opportune time to test out my program that attempts to locate malicious scripts on a website. Here’s an excerpt from the results [...] Looking at the screenshot above from the bottom up, we see some suspicious content from an IP address. That page gets called by an infected “popupmenu.js” file. And that file gets referenced on the main news page. Good, we know now where to start looking! By the way, the “ad.html” page that gets iframed has an “entropy” value of about 68% which is rather high (see top of the screenshot). This suggests the page has obfuscated Javascript.”
Bibtex
@misc{2012BFR458, editor = {Kahu Security}, author = {Darryl}, title = {New Chinese exploit pack}, year = {2012}, howpublished = {\url{http://www.kahusecurity.com/2012/new-chinese-exploit-pack/ www.dahusecurity.com}}, }