Wednesday, October 03, 2007

CISRT Serving Malware

The Chinese Internet Security Response Team is reporting that it has found embedded IFRAMEs serving malware within some of its pages. Although the blog itself is now clean, Trend Micro is pointing out that the main index is still IFRAME-ed and that the attackers took advantage of the momentum during China's "Golden Week" holiday.

IFRAMEs at the main index lead to:

js.users.51.la/392481.js
51.la/?392481
img.users.51.la/392481.asp

IFRAMEs at the blog used to point to:

mms.nmmmn.com/99913.htm
mms.nmmmn.com/30000.htm
mms.nmmmn.com/11122.htm

and ganbibi.com, where the twenty password stealers for online games, located at ads.ganbibi.com/100.exe to ads.ganbibi.com/120.exe in numerical order, are still active.
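An added example, not part of the original post: a check a site owner could run over their own page source to see whether any iframe or script element points at the domains listed above. The sample HTML is constructed, and the function names are this example's own.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Parent domains of the hosts listed in the post.
LISTED_DOMAINS = {"51.la", "nmmmn.com", "ganbibi.com"}

def host_of(url):
    """Lower-cased host of a src value; tolerates scheme-less and // forms."""
    url = url.strip()
    if url.startswith("//"):
        url = "http:" + url
    elif "://" not in url:
        url = "http://" + url   # a site-relative path ends up with no host
    try:
        return (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:          # malformed authority, e.g. unbalanced brackets
        return ""

def is_listed(host):
    """True for a listed domain or any subdomain of it, not for look-alikes."""
    return any(host == d or host.endswith("." + d) for d in LISTED_DOMAINS)

class EmbedScanner(HTMLParser):
    """Collects (tag, src, host) for iframe/script tags on listed domains."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        src = dict(attrs).get("src") or ""
        host = host_of(src)
        if is_listed(host):
            self.hits.append((tag, src, host))

def scan(html):
    scanner = EmbedScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.hits

# Constructed sample page, for illustration only.
SAMPLE = """<html><body><script src="/static/site.js"></script>
<IFRAME SRC="http://MMS.nmmmn.com/99913.htm"></IFRAME>
<script src="//js.users.51.la/392481.js"></script>
<iframe src="http://www.example.org/ganbibi.com/page.htm"></iframe>
</body></html>"""

if __name__ == "__main__":
    for tag, src, host in scan(SAMPLE):
        print(f"{tag}: {src} -> {host}")
```

Matching is done on the parsed host rather than on the raw string, so a listed name that only appears in a URL path, or as the tail of an unrelated domain, is not reported.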

Related posts:
Bank of India Serving Malware
U.S Consulate St. Petersburg Serving Malware
Syrian Embassy in London Serving Malware