Elaborate Black Hole Infection
I normally come across straight-forward drive-by downloads. Due to some website compromise, a web page is modified to include a link to a malicious website (e.g. iframe or external Javascript file)...
View ArticleTwo Drive-Bys, One Site
It’s bad enough to get hit with one drive-by download…but two on one page?! It’s probably separate compromises made by two different people. One thing is for sure though…what’s common to all these...
View ArticleChinese Exploit Packs
While it can be difficult to attribute exploit packs in many cases, I believe it’s safe to say that there are a few made by Chinese authors. Their style can be seen across packs from the script used...
View ArticleHierarchy Exploit Pack
A new pack has emerged called Hierarchy Exploit Pack. Looks a lot like Eleonore but its exploits are different: CVE-2006-0003 CVE-2009-0927 CVE-2010-0094 CVE-2010-0188 CVE-2010-0806 CVE-2010-0840...
View ArticleTechno XPack
There’s another new exploit pack in town called Techno XPack. This one looks like a re-skinned BleedingLife. Here’s a list of the exploits it’s packing: CVE-2008-2992 CVE-2010-0188 CVE-2010-0842...
View ArticlePlaying Hide and Seek with Malicious Scripts
When I encounter a drive-by download that involves a compromised host, there will usually be a malicious script somewhere on the website. The “malicious script” could be a meta refresh tag, an iframe,...
View ArticleThe Resurrection of RedKit
“RedKit” was once a thriving exploit pack then faded away leaving behind artifacts on several abandoned hosts which are still triggering broken redirection alerts to this day. Within the past couple of...
View Article
More Pages to Explore .....