0 Replies Latest reply on Nov 9, 2007 7:48 AM by HarryWaldron

    Web Site Defacements using obuscated script attacks affect 52,000 pages

      Web Site Defacements using obuscated script attacks affect 52,000 pages
      This web server based attack has impacted several sites recently. While these are most likely less mainstream sites, folks should be cautious with email links or web site visitation :mad:

      http://isc.sans.org/diary.html?storyid=3621

      QUOTE: Zack wrote to us yesterday to report a mass defacement. After a brief look, we were able to confirm his finding that the following script tag (obfuscated) had been injected in over 40,000 pages across the internet, covering around 150 domains which we so far know of. This script generates a page containing several hidden iframe components. These link to other pages that contain browser specific exploit code, such as the common ADODB exploit. This code downloads, without prompting, a small number of executable droppers, and executes them on vulnerable systems.:eek:

      http://isc.sans.org/diary.html?storyid=3625

      UPDATE: The good news so far is that the executable being downloaded seems to be detected by most AV products. The sad news is that when I checked the other day the number of infected sites was about 30K and now about 52,000 sites.