[ Security Alert ] 12 August, 2010 14:41

1. Description


    AegisLab, the security research group of Lionic Corp., disclosed the new "yahoo.js" malicious script in previous security alerts. After digging further, we found that more than 500 sites are vulnerable and redirect to the "successtest.co.kr" domain, which hosts the malicious JavaScript named "yahoo.js".

    We strongly suggest that enterprise, school and organization MIS staff block this hopping site to reduce the risk. Personal users can adopt an anti-virus product or modify the hosts table on their PC to prevent the attack.


[ Security Alert ] 10 August, 2010 14:35
1. Description

 

    AegisLab, the security research group of Lionic Corp., discovered that more and more web sites of small business companies are vulnerable to SQL injection and web page modification. Users who visit such exploitable sites will be led to drive-by-download attacks.

 

2. Case Study

 

Three vulnerable web sites are listed as examples.

 

 

  1. www.changyoung.com.tw

 

           The attack path is shown in the following example:

 

           [root]hxxp://www.changyoung.com.tw/changyoung/report.asp
              [script]hxxp://www.800816.com.cn/cache/yahoo.js
                  [exp]hxxp://www.800816.com.cn/cache/ad.htm (Exploit.Ie0dayCVE0806.a)
                     [virus] hxxp://www.17oye.cn/images/s.exe

 

          The downloaded file "s.exe" has a 28/42 (66.67%) detection rate on VirusTotal. (http://www.virustotal.com/analisis/cdff7e34478a48929083674034e97fb773dcf40ccef8e70b6f6a2e56fa34c870-1281322395)

           Note that in order to resist forensics, the downloaded file can be fetched only once.


[ Security Alert ] 05 August, 2010 13:54
 

1. Description


    A birthday is a special day that makes most people happy, but an exploitable website might make users unhappy.

 

    A web site, www.mybirthday.com.tw, which offers activities, coupons and fortune telling, has been injected with a drive-by-download. AegisLab, the security research group of Lionic Corp., discovered that a script file on that site was modified and an HTML "iframe" was inserted without the user's intention. Ultimately, it leads to a malicious executable.


[ Security Alert ] 02 August, 2010 13:42
 

1. Description


     AegisLab, the security research group of Lionic Corp., discovered a new malicious domain, www.800816.com.cn. The URL of its malicious JavaScript has been widely SQL-injected into many hosts. However, it uses the same JavaScript file name as the previously spreading "wangqiao365" SQL injection. Therefore, we believe it is a newly registered domain for the same attack.


[ Security Alert ] 27 July, 2010 11:44

1. Description
    

     Due to the popularity of Twitter and its limit on the word count of each posted message, it has become a hotbed of malicious shortened URLs. Now the Lionic NSS group has further discovered that, in order to avoid tracking, the shortened URLs use two layers of redirection.
